Closed Bug 1122222 Opened 10 years ago Closed 4 years ago

Explore ways to expose anonymous sources in debugger somewhere

Categories

(DevTools :: Debugger, enhancement, P5)

enhancement

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: sebo, Unassigned)

References

(Blocks 1 open bug, )

Details

The debugger should list sources of scripts executed by injecting a <script> element via a document.write() call.
Blocks: 865313
See Also: → 1124106
Product: Firefox → DevTools
Blocks: dbg-control
Priority: -- → P5

Injected scripts can be debugged, but do not show up in the source file list because they have no URL. You can however use a //# sourceURL= pragma to give the injected script a URL if you'd like.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX

In Firebug we implemented some numbering system for sources without URL back in the day, i.e. dynamically injected scripts. And I think that also covered scripts generated via document.write().

I am aware that using //# sourceURL= allows to provide a URL, but it would be a better UX if injected scripts were always listed. Currently, the injected scripts are not listed and script authors don't get any hint that they need to add a source URL. Though that is a general issue with dynamically generated scripts.

Sebastian

Ah I looked too much at the title and not enough at the description, woops! I'm up for keeping this open but I'd be curious what Harald things.

@Harald Is this something that you think would be worthwhile? Anonymous scripts in this case being code introduces that has no logical URL associated with it, the main examples being:

  • eval("code;")
  • new Function("code;")()
  • `document.write("<script>code;</script>");
  • var s = document.createElement("script"); s.text = "code;"; document.head.appendChild(s);
  • <button onclick="code;">
  • setTimeout("code;", 10);
  • Code typed into the console

Currently all of these have no URL, so they can't show up sources tree, so the only way to open them in the debugger is to hit some kind of breakpoint in them or click to open them from a console log statement. Listing them all in the source tree doesn't seem like a good idea to me because there really could be an unbounded number of entries, but we could consider surfacing them somewhere custom. It's not something I think I'd use much, but I can see the argument for it. Thoughts?

Status: RESOLVED → REOPENED
Flags: needinfo?(hkirschner)
Resolution: WONTFIX → ---
Summary: Allow to debug scripts injected via document.write → Explore ways to expose anonymous sources in debugger somewhere

var s = document.createElement("script"); s.text = "console.log(1);"; document.head.appendChild(s); works and allows viewing the script, so https://bugzilla.mozilla.org/show_bug.cgi?id=1124106#c2 still holds true.

Looking at the referenced bugs, it seems that there is no use specific framework related case in the wild that is currently blocked by this. As this is the behavior for both Chrome and Firefox, I'd assume devs add sourceURLs to anything they deem important enough. We can re-open if we find more reports and patterns on the web that are un-debuggable because of this.

Related, breaking on first script statement would solve the can-not-set-breakpoint problem.

Status: REOPENED → RESOLVED
Closed: 4 years ago4 years ago
Flags: needinfo?(hkirschner)
Resolution: --- → WONTFIX
See Also: → 917963
You need to log in before you can comment on or make changes to this bug.