support @sourceURL=... comment annotation in JavaScript for eval, script injection, inline script blocks, etc

RESOLVED DUPLICATE of bug 583083

Status

()

Core
JavaScript Engine
--
enhancement
RESOLVED DUPLICATE of bug 583083
6 years ago
6 years ago

People

(Reporter: Kyle Simpson, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
I had a conversation with mrbkap and fitzgen about a very limited scope request, which is to bring in support for @sourceURL annotation in JavaScript code, similar to how Firebug currently supports for eval(), for all forms of JavaScript code parsing/execution, especially those which don't already have a good "label" (like what the source filename/URL is).

Firebug allows:

// @sourceURL=...

If you add that at the very end of a block of code that you pass to eval(), it will use the specified filename label for debugging and other output purposes, when referring to that script. This is quite useful for when you load a file via XHR, for instance, and either eval() it or pass it to script injection, by creating a script element and setting its .text property, etc.

Reference: http://blog.getfirebug.com/2009/08/11/give-your-eval-a-name-with-sourceurl/

My request is that the `JSScript::filename` property be overridable if such a comment annotation appears in JS code that is parsed/executed. In that way, this filename "label" will be available to tools like the debugger or the web console devtool, etc.

There is one case that mrbkap identified that needs special casing, which is that `chrome://global/...` URLs are given special permissions, so any annotation with that type of value should ignore that value and NOT set it, thus preventing scripts from artificially elevating their own privileges.

Also, I am aware that there's more comprehensive work being done on Source Mapping (I believe that's what fitzgen is working on), which as we discussed is not a superset of this request, but related yet orthagonal. The Source Mapping stuff is about taking a script and relating it back to a specific resource on a server (like a source file, etc), whereas this request is to give an arbitrary label (often a "filename") to a script container, for the purposes of the devtooling outputs, only. It would augment what the Source Mapping stuff will eventually provide.

For instance, you wouldn't necessarily map a little snippet of code that you want to eval() to a real resource on the server, but you might want to give it a label like "mouse-events.js" so that in debugging output, you knew what the snippet was.

Technically, @sourceURL is slightly misleading, since it's not really supposed to convey any semantics about the label being a URL, per se. @Label might be more accurate. However, I'm proposing that we do @sourceURL to maintain compatibility with how firebug's feature already works with eval() code.

This request will let our native devtools, like our debugger and web console, have the same functionality that firebug has currently hacked in with @sourceURL.
(Reporter)

Updated

6 years ago
Summary: support @sourceURL=... comment mapping in JavaScript for eval, script injection, inline script blocks, etc → support @sourceURL=... comment annotation in JavaScript for eval, script injection, inline script blocks, etc
(Reporter)

Updated

6 years ago
OS: Windows 7 → All
Hardware: x86 → All
Version: Trunk → unspecified
(Reporter)

Updated

6 years ago
Severity: normal → enhancement
Looks like this is already on file as bug 583083.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 583083
You need to log in before you can comment on or make changes to this bug.