-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Censor events for cross-origin scripts #20
Comments
Done in spec-land in whatwg/html@d7e1571... now let's see if I can figure out how to write some tests :-S |
is "muted errors" defined somewhere? |
Also relevant is https://html.spec.whatwg.org/#the-script-element:create-a-script which plumbs the flag through |
hum, so there are three "scripts" we could consider: the script that created the promise, the script that rejected it, or the script that created the reason. which one should we use for the is muted check? Implementation wise, we currently use "reason" to display the stack in devtools, however, that means that if you e.g. new Promise(function(a,b) { b(1); }); you won't get a stack trace. |
The spec is that it's the script that rejected it, similar to how it's the script that throws an error that we use for window.onerror's muted check. (There the choices are fewer: the script that threw the error, and the script that created the error.) I'm not sure I understand the relevance of your last paragraph... |
If a script was loaded from a cross-origin URL without CORS access, we should censor the events / or not send them at all.
The text was updated successfully, but these errors were encountered: