Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Do Not Merge] [Crash Reports] add source Modules field #833

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 12 additions & 3 deletions CrashReporting/AddStackToCrashReports.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,19 @@ Web sites can contain bugs or inefficiencies that cause the page or an iframe wi

## Proposal

If a site opts in, crash reports uploaded by the Crash Reporting API may include the JavaScript call stack, in a new property on `CrashReportBody`:
If a site opts in, crash reports uploaded by the Crash Reporting API may include the JavaScript call stack and script hashes, in new properties on `CrashReportBody`:

```
readonly attribute DOMString? stack;
readonly attribute DOMString? sourceModules;
```

## Source Modules

In addition to the JavaScript call stack, we propose adding a `sourceModules` field to the `CrashhReportBody`. This field will contain information about the source modules present in the call stack. Each source module will be a Source mapping URL or URL and a SHA-256 hash of the source. This will allow developers to indentify the exact version of the code that was running when the crash occured. The field may look something like this:

```
"https://example.com/script.js f3a2b4c5d6e7f8g9123456k3l4m5n6o7p8q9r0s1abcdefw5x6y7z8a9b0c1d2e3\n"
```

### How to opt in?
Expand Down Expand Up @@ -79,15 +88,15 @@ Wasm stack frames will be supported. Typically the format is `${url}:wasm-functi

#### Why require opt-in?

Some sites may be sending their reports to a third-party service and not wish to expose information about their site code to that third party. This feature would also increase the size of reports, add a property that existing servers might not handle correctly, and include data that users might not have consented to send.
Some sites may be sending their reports to a third-party service and not wish to expose information about their site code to that third party. This feature would also increase the size of reports, adding two propertyies that existing servers might not handle correctly, and include data that users might not have consented to send.
issackjohn marked this conversation as resolved.
Show resolved Hide resolved

#### Does this affect user privacy?

This adds a mechanism that could allow website owners to learn about an extension that a user is running if the page reports a crash while code from the extension's content script is on the stack.

### Security

Just like `Error.prototype.stack`, stack frames from cross-domain scripts that were not loaded with CORS must be omitted.
Just like `Error.prototype.stack`, stack frames & script hashes from cross-domain scripts that were not loaded with CORS must be omitted.

## References & acknowledgements

Expand Down