Add promise rejection tracking events #224
Conversation
domenic
added
addition/proposal
| @@ -85710,6 +85712,12 @@ interface <dfn>NavigatorOnLine</dfn> { | |||
|
|
|||
| </dl> | |||
|
|
|||
| <p>An <span>environment settings object</span> also has an <dfn>outstanding rejected promises weak set</dfn> and | |||
|
Pushed another commit addressing most review comments. I'd rather stick with optional event init unless there is an example of going the other direction. |
domenic
force-pushed
the
unhandledrejections
branch
from
e5e45ce
to
bbcabd2
Compare
|
@bzbarsky do you have an example of an event dictionary where a parameter is required? I thought we had precedent for that by now. |
|
@bzbarsky @annevk so the use of "optional NotificationEventInit" instead of just "NotificationEventInit" is an error in Notifications? Or does Web IDL allow omitting dictionaries with required members? (I see that it requires that dictionaries without required members are marked optional, but I don't see the inverse requirement...) |
That's a good question. I'm not quite sure what the intended handling of "optional" dictionary arguments is in Web IDL. I thought it was "handle it as if it had empty dictionary as default value", but what the spec actually says is:
which suggests that in an API like this: the first arg does NOT have empty dictionary as a default value. Instead, if undefined is passed then the argument will be treated as "not passed". I suspect this is a bug in the spec, and the intent is that in any context in which things could have a default value (optional arguments, dictionary members, etc) we want a dictionary type to have a default value of empty dictionary. @heycam, does that seem reasonable? The resolution of that will determine what happens with the |
|
OK cool. Removed Also, note to self: I don't think this properly specs cross-origin error censoring. Or if it does, it does so by accident. I need to investigate further. |
This is a non-observable change that will allow HTML to provide events for tracking promise rejections, as outlined in https://github.com/domenic/unhandled-rejections-browser-spec. For more information on the original proposal and use cases (mostly on the HTML side), see https://lists.w3.org/Archives/Public/public-whatwg-archive/2014Sep/0024.html. The corresponding HTML pull request is at whatwg/html#224.
This is a non-observable change that will allow HTML to provide events for tracking promise rejections, as outlined in https://github.com/domenic/unhandled-rejections-browser-spec. For more information on the original proposal and use cases (mostly on the HTML side), see https://lists.w3.org/Archives/Public/public-whatwg-archive/2014Sep/0024.html. The corresponding HTML pull request is at whatwg/html#224.
|
Any updates on this? |
This is somewhat blocked on tc39/ecma262#76, which due to TC39's work mode will need to wait until late November for a face to face discussion. However, I believe we have editor consensus on adding this once that lands. (To truly do this correctly, we need to fix https://www.w3.org/Bugs/Public/show_bug.cgi?id=25981 first. However my plan is to fudge things a little in the meantime, and get a reference to the currently running script with a bit of hand-waving that will be formalized once that bug is fixed. (The currently running script is necessary for the cross-origin check.)) |
|
How is "currently running script" different from "incumbent settings object" in this case? |
My comment was about the gymnastics of getting from ES-land to HTML-land. ES-land calls HostPromiseRejectionTracker, and in ES land the relevant primitive is "running execution context". We need to go from there to a settings object, but currently the specs do not talk to each other well enough to do so. The plan for doing that is partially in the linked bugzilla, and partially in tc39/ecma262#78. |
|
about the cross origin scripts - we only filter parsing errors, once the script runs, you get full errors, no? |
|
No runtime script errors are also muted. |
|
ah, you're right |
|
remains the question which URL you'd associate with a promise rejection event? the file that contained the code that creates the promise? The file that rejected the promise? I'm still not convinced we need to censor anything here - once the script runs, you can just access it anyways |
|
You can't necessarily read the script itself (e.g. if it's wrapped in an anonymous function and doesn't set any properties accessible to you). If you don't mute exceptions, you can include the script in a document with a different DOM that what the script expects, or otherwise do something to cause an exception, which lets you read the stacktrace. I don't know if there's a concrete attack, but possibly people include secrets like session cookies in scripts if the user is logged in, or company secrets behind IP-based auth, etc, that could be exposed in a stacktrace but not otherwise. |
|
so you're proposing to just censor the "reason" iff the reason is an Error object and it was created in a non-cors cross origin script? |
| data-x="concept-promise-rejection-nothandled">not handled</span> state of promise rejections | ||
| when determining what to display in any debugging interfaces. That is, intercepting an | ||
| <code>unhandledrejection</code> event and calling <code>preventDefault()</code> should prevent | ||
| the corresponding rejection from showing up in any developer tools.</p> |
There was a problem hiding this comment.
I think this should use similar wording as for runtime script errors (in the normative paragraph above, not in the note):
If the error is still not handled after this, then the error may be reported to the user.
Also, avoid using should/may/must inside notes, since they are normative keywords but notes are non-normative.
There was a problem hiding this comment.
I'm not so sure. It seems like that paragraph for errors is talking about the old days when browsers would pop up an alert()-like thing for script errors. I'm talking about developer tooling instead.
There was a problem hiding this comment.
I'm pretty sure @Hixie also meant devtools/error console when he wrote that. But I wouldn't mind changing the language in both places to be clearer.
There was a problem hiding this comment.
I agree with @zcorpan about the intent of that phrase. Even back in the old days only Internet Explorer would show such messages to end users in the main UI and everyone considered that bad practice. However, in most browsers users do have access to them if they open the developer tools.
This is a non-observable change that will allow HTML to provide events for tracking promise rejections, as outlined in https://github.com/domenic/unhandled-rejections-browser-spec. For more information on the original proposal and use cases (mostly on the HTML side), see https://lists.w3.org/Archives/Public/public-whatwg-archive/2014Sep/0024.html. The corresponding HTML pull request is at whatwg/html#224.
domenic
force-pushed
the
unhandledrejections
branch
from
39cda24
to
2e4c5b9
Compare
| <h6>The HostPromiseRejectionTracker implementation</h6> | ||
|
|
||
| <p>ECMAScript contains an implementation-defined HostPromiseRejectionTracker(<var>promise</var>, | ||
| <var>operation</var>) abstract operation. <ref spec=ECMA262> User agents must use the following |
There was a problem hiding this comment.
I think <ref> is consistently put at the end of the paragraph. Other than that, LGTM.
There was a problem hiding this comment.
I managed to find a single counterexample ("The value must be a valid BCP 47 language tag. [BCP47] ...") but you are in general right. Still, I think it would be too awkward to place it after the colon, so unless you have a better idea I think I'll keep it where it is.
Now just need @bterlson to merge tc39/ecma262#76!
There was a problem hiding this comment.
That counterexample seems more like an oversight given the other BCP 47 references. And when you search for : [ you'll find plenty of precedent.
domenic
force-pushed
the
unhandledrejections
branch
from
2e4c5b9
to
6c33f94
Compare
This new feature uses a pair of events on global scopes, viz. unhandledrejection and rejectionhandled, to allow authors to track unhandled promise rejections. The specification was originally drafted at https://github.com/domenic/unhandled-rejections-browser-spec in collaboration with @jeisinger and @bzbarsky. This feature depends on tc39/ecma262#76.
domenic
force-pushed
the
unhandledrejections
branch
from
6c33f94
to
61ccc05
Compare
This is a non-observable change that will allow HTML to provide events for tracking promise rejections, as outlined in https://github.com/domenic/unhandled-rejections-browser-spec. For more information on the original proposal and use cases (mostly on the HTML side), see https://lists.w3.org/Archives/Public/public-whatwg-archive/2014Sep/0024.html. The corresponding HTML pull request is at whatwg/html#224.
domenic
removed
the
do not merge yet
In #224 we had a brief discussion which concluded that these statements about error reporting really referred to a developer console. Alternately, maybe they are holdovers from the early days of the web when browsers did in fact show popups with every JavaScript error. Regardless, this uniformly updates all script error reporting to be to a developer console, instead of to the user.
In #224 we had a brief discussion which concluded that these statements about error reporting really referred to a developer console. Alternately, maybe they are holdovers from the early days of the web when browsers did in fact show popups with every JavaScript error. Regardless, this uniformly updates all script error reporting to be to a developer console, instead of to the user.
|
Could the event be provided with file and line properties? |
|
@DanielHerr a better avenue for that is to add file and line properties to all JavaScript errors, which is something that people are actively working to standardize in JavaScript. |
|
The problem with that is event.reason may be undefined or not an error object, leaving no way to detect the source of the error. |
|
Right, that's why you should always reject your promises with error objects. |
|
But it would be useful to catch instances where it is not an error object, just like onunhandledrejection is useful to catch promises that should have been .caught() |
|
I think in Chrome's devtools, we always expose the stack, whether you reject with an error or not |
Follows whatwg/html#224. Tests reviewed upstream in Chromium; small changes made to fit with web platform tests (e.g. avoiding duplicate test names).
The changes were merged into the WHATWG HTML Standard in whatwg/html#224. Change-Id: I21ca4eebdda22d4138ea844ccd6277b786bd5f36 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2951212 Commit-Queue: Timothy Gu <timothygu@chromium.org> Auto-Submit: Timothy Gu <timothygu@chromium.org> Reviewed-by: Domenic Denicola <domenic@chromium.org> Reviewed-by: Joey Arhar <jarhar@chromium.org> Cr-Commit-Position: refs/heads/master@{#891344}
The changes were merged into the WHATWG HTML Standard in whatwg/html#224. Change-Id: I21ca4eebdda22d4138ea844ccd6277b786bd5f36 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2951212 Commit-Queue: Timothy Gu <timothygu@chromium.org> Auto-Submit: Timothy Gu <timothygu@chromium.org> Reviewed-by: Domenic Denicola <domenic@chromium.org> Reviewed-by: Joey Arhar <jarhar@chromium.org> Cr-Commit-Position: refs/heads/master@{#891344} NOKEYCHECK=True GitOrigin-RevId: 8ceba2c5ea1d805abaabecfbc4c238141221426d
|
Excuse me for bringing this up again, but why doesn't the unhandledrejection handler return information on where the promise was rejected? I think this would be really necessary in many error monitoring cases where JavaScript primitives or objects (which don't include a stack trace) have caused an error. Even if it's not good practice, it can and often does happen. |
This new feature uses a pair of events on global scopes, viz. unhandledrejection and rejectionhandled, to allow authors to track unhandled promise rejections. The specification was originally drafted at https://github.com/domenic/unhandled-rejections-browser-spec in collaboration with @jeisinger and @bzbarsky.
This feature depends on tc39/ecma262#76 and shouldn't be merged until that is merged by @bterlson.
Although I feel pretty confident in the semantics here, given that we worked them out over in that repo (with tests!), I could use some careful editorial review.