Explore ways to expose anonymous sources in debugger somewhere
Categories
(DevTools :: Debugger, enhancement, P5)
Tracking
(Not tracked)
People
(Reporter: sebo, Unassigned)
References
(Blocks 1 open bug, )
Details
The debugger should list sources of scripts executed by injecting a <script> element via a document.write() call.
Updated•6 years ago
|
Updated•5 years ago
|
Comment 1•4 years ago
|
||
Injected scripts can be debugged, but do not show up in the source file list because they have no URL. You can however use a //# sourceURL=
pragma to give the injected script a URL if you'd like.
Reporter | ||
Comment 2•4 years ago
|
||
In Firebug we implemented some numbering system for sources without URL back in the day, i.e. dynamically injected scripts. And I think that also covered scripts generated via document.write()
.
I am aware that using //# sourceURL=
allows to provide a URL, but it would be a better UX if injected scripts were always listed. Currently, the injected scripts are not listed and script authors don't get any hint that they need to add a source URL. Though that is a general issue with dynamically generated scripts.
Sebastian
Comment 3•4 years ago
|
||
Ah I looked too much at the title and not enough at the description, woops! I'm up for keeping this open but I'd be curious what Harald things.
@Harald Is this something that you think would be worthwhile? Anonymous scripts in this case being code introduces that has no logical URL associated with it, the main examples being:
eval("code;")
new Function("code;")()
- `document.write("<script>code;</script>");
var s = document.createElement("script"); s.text = "code;"; document.head.appendChild(s);
<button onclick="code;">
setTimeout("code;", 10);
- Code typed into the console
Currently all of these have no URL, so they can't show up sources tree, so the only way to open them in the debugger is to hit some kind of breakpoint in them or click to open them from a console log statement. Listing them all in the source tree doesn't seem like a good idea to me because there really could be an unbounded number of entries, but we could consider surfacing them somewhere custom. It's not something I think I'd use much, but I can see the argument for it. Thoughts?
Comment 4•4 years ago
|
||
var s = document.createElement("script"); s.text = "console.log(1);"; document.head.appendChild(s);
works and allows viewing the script, so https://bugzilla.mozilla.org/show_bug.cgi?id=1124106#c2 still holds true.
Looking at the referenced bugs, it seems that there is no use specific framework related case in the wild that is currently blocked by this. As this is the behavior for both Chrome and Firefox, I'd assume devs add sourceURLs to anything they deem important enough. We can re-open if we find more reports and patterns on the web that are un-debuggable because of this.
Related, breaking on first script statement would solve the can-not-set-breakpoint problem.
Description
•