NEW 115087
Web Inspector: WebCore::reportException should not evaluate JavaScript handling exceptions
https://bugs.webkit.org/show_bug.cgi?id=115087
Joseph Pecoraro
Reported 2013-04-23 22:16:03 PDT
Currently WebCore::reportException can evaluate JavaScript when handling exceptions. The JS evaluation can itself throw an exception if running code in the page. For example:

    function MyError() {
        this.name = "MyErrorName";
        this.message = "MyErrorMessage";
    }
    MyError.prototype.toString = function() { throw "oops"; };
    function produceError() { throw new MyError(); }
    produceError();

WebCore::reportException calls this toString, and can potentially get values with hooks in valueOf as well.

We should avoid running JS that can trigger its own exceptions if possible.
Geoffrey Garen
Comment 1 2013-07-16 14:05:01 PDT
Chris is working on similar bugs in JSC, so reassigning to him.
Timothy Hatcher
Comment 2 2014-01-10 15:37:13 PST
Moving to the right component.
Radar WebKit Bug Importer
Comment 3 2014-01-10 15:37:41 PST
Joseph Pecoraro
Comment 4 2014-02-19 14:20:02 PST
Oliver had a suggestion on IRC:

- if the exception object is a builtin Exception/Error object => directly get "message" property
- if the exception object is a primitive => toString
- otherwise, send the exception object to the inspector frontend like a console.log (RemoteObject)

I think that is a good idea. This would nicely handle these cases:

- SyntaxError / ReferenceError
- throw 1, throw "test", ...
- throw {a:1,b:2}, throw [1,2,3], throw new MyError()
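
The three-way split suggested in comment 4, written in JavaScript as an added example (not part of the bug thread and not WebKit's code). `describeException`, `readStringDataProperty`, `inheritsFromBuiltinError` and `classifyThrown` are hypothetical names; the example assumes the thrown value is not a Proxy and uses a list of own property names as a stand-in for a RemoteObject.

```javascript
// Added example; all function names are hypothetical, not WebKit APIs.
// Assumption: the thrown value is not a Proxy (its traps would still run).

// Walk the prototype chain; return the property only if it is a string data
// property, so accessor getters are never invoked.
function readStringDataProperty(object, key) {
  for (let o = object; o !== null; o = Object.getPrototypeOf(o)) {
    const desc = Object.getOwnPropertyDescriptor(o, key);
    if (desc) return typeof desc.value === "string" ? desc.value : undefined;
  }
  return undefined;
}

function inheritsFromBuiltinError(object) {
  for (let o = Object.getPrototypeOf(object); o !== null; o = Object.getPrototypeOf(o)) {
    if (o === Error.prototype) return true;
  }
  return false;
}

function describeException(thrown) {
  const isObject = thrown !== null && (typeof thrown === "object" || typeof thrown === "function");
  if (!isObject) {
    // Case 2: primitives stringify without calling any script-defined code.
    return { kind: "primitive", text: String(thrown) };
  }
  if (inheritsFromBuiltinError(thrown)) {
    // Case 1: read "name"/"message" directly, never through toString().
    const message = readStringDataProperty(thrown, "message");
    if (message !== undefined) {
      const name = readStringDataProperty(thrown, "name") ?? "Error";
      return { kind: "error", text: message ? `${name}: ${message}` : name };
    }
  }
  // Case 3: stand-in for handing the object to the frontend uninterpreted.
  return { kind: "remoteObject", ownKeys: Object.getOwnPropertyNames(thrown) };
}

// Constructed input: the MyError type from the report, with a throwing toString.
function MyError() { this.name = "MyErrorName"; this.message = "MyErrorMessage"; }
MyError.prototype.toString = function () { throw "oops"; };
function classifyThrown(fn) { try { fn(); } catch (e) { return describeException(e); } }
```

An Error whose "message" has been redefined as an accessor falls through to the third case, because the getter is never called.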