offbeatmammal / jserrlog Goto Github PK
View Code? Open in Web Editor NEWJavascript utility to dynamically track and report errors in pages
Home Page: http://jserrlog.appspot.com
Javascript utility to dynamically track and report errors in pages
Home Page: http://jserrlog.appspot.com
When the onerror handler gets called with its fourth parameter colno, that should get included in jsErrLog's reporting.
It's currently supported by at least IE10 and Chrome from version 30.
I'd like to make it independent of jserrlog.appspot.com so that you can specify
<script type="text/javascript" src="jserrlog.js"></script>
<script type="text/javascript">
jsErrLog.url = 'http://www.yahoo.com/jslogger.php';
</script>
The downside is that is that people would have to add
<script type="text/javascript">
jsErrLog.url = 'http://jserrlog.appspot.com/logger.js';
</script>
after the <script/>-tag to be able to use your service.
However, the upside, which I think outweights the downside, is that it makes it possible to write a simple test that fetches a static JavaScript file and executes it from the checked out source (showing an alert, or similar). This makes it easy to test the code on multiple browsers (which there currently is no test coverage of).
My question it, would you be interested in such a pull request?
at the moment when dealing with minified JS jsErrLog is unable to provide any more intelligent backtracking to the original source error. Would be advantageous to provide the ability to point to the unminified source and (possibly knowing the compression technique) highlight the original source error in addition to the actual execution error.
Needs research ;)
I wonder if it would be possible to store the client IP and display it in the error reports next to the url. This could be (or should be) configurable since some sites may prefer not to store the ip address due to privacy concerns.
The script is not properly guarded against loading it more than once, if it is, the error reporting goes into an infinite loop and reports the first error over and over essentially halting the browser.
The variable fnPreviousOnErrorHandler is overwritten with the error handler of jsErrLog so that the method to call the previous handler will the own handler.
It would be best to put the whole script into the if (!jsErrLog) backets. This way only one "instance" is created and the variables are not overwritten when the script is accidentally loaded twice.
I have observed a lot of identical reports for a page where I assume some kind of javascript animation is wrong so that it references an undefined object on mouse movement or similar. It would be helpful if the reports already sent are stored and checked so that the same error isn't reported more than once.
We are big fans of jQuery and I stumbled across this post that talks about how to catch errors in jQuery. Obviously not everyone are interested in this, so I guess it would be a sub module (ie. imported after the jserrlog.js file).
However, I think this would be an awesome feature!
What license is this project under?
When passing the URL to the error reporting service there might be certain fields that - for security or clarity - may be better if stripped off.
suggestion is to add a simple array that lists the querystring parameters which should be removed from the URL when it is passed to the logging service. For robustness the replace should be case insensitive.
examples could include password hashes, sessionIDs, PII which should not be shared outside the system (though it should be noted that holding any PII on a querystring is a questionable action in itself outside a closed intranet environment)
Hey!
I noticed that you've written jsErrLog supports Firefox 4. Is there a specific reason why you left our Firefox 3.x? I have a test case (see pull request) that passes for Firefox 3.6.22, so maybe it should be added to the README file, too? Can you confirm that it works on your computer, too?
Regards,
Jens
Currently the reporting UI is very limited
Adding support for pagination and filtering would be a good first step
additional features could include
If a page is really buggy or if there is a bug in the jserr script itself (see my next report), there may be a lot of error reports which may slow down the browser. It would be good to limit the number of reports to e.g. 10 (or make the max number settable).
ytuytuytu
Has the code already been looked over regarding security issues? I only did a short overview and I think it might be useful to do that. Currently I didn't find any non-public communication channel (e.g. mail for security), I prefer not to say anything specific in the public issue tracker.
Give the proper example
When an error occurs in a file location that is an URL containing parameters, the & char will cut off the url at that place since escaping is not done on the string. I don't think this will cause any real errors (unless the url contains a ui or info parameter as well), but it would be better if the parameter is escaped as well.
the same goes for the err parameter
this is more of a nitpick than an actual issue, the limit of 2048 chars applies to GET, not to POST and the url that is requested by jserrlog is a GET
When reading the rss feed for a page, the link tag points to / as text and to the jserrlog.appspot.com/ in the link tag, I think it would be better to have the actual page link so you can click it.
at the moment payload is passed from front-end to backend via a dynamically injected script reference (which allows responses to be passed back). add option to also report via a request for an image (eg classic 1x1px gif) with no return payload
In the work project i have used jsErrLog, I see a lot of errors pertaining to doubleclick and other banner services, it would be useful to be able to ignore some domains so that the reports are not sent when the script location is from this domain
Similar to the existing XMPP support a facility to add notification via email would be beneficial
Would require similar functionality
I wonder if it would be better to have the same uid when more than one error is reported on a page for one user (e.g. the user causes 2 errors and then reloads the page, then we get 4 reports that are not properly connected since they have 4 different uids).
The php example on the docs page uses a pattern that is not xss safe, while this may not be directly exploitable if the report script is setting the correct content-type, it is still a good practice to provide safe examples (it might be exploitable if the content-type is text/html).
jsErrLog.removeScript(<?=$_GET['i']?>);
at least requires a regex check to avoid xss
<?
$i=$_GET['i'];
if(preg_match('/^[0-9]+$/',$i)===FALSE) [
$i=0;
}
?>
jsErrLog.removeScript(<?=$i?>);
(I hope I got the script correct, typed this from memory)
The current XMPP interface in the AppEngine component is limited in a number of respects
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.