[Webkit-unassigned] [Bug 177353] New: Web Inspector: do not evaluate functions in the console unless requested

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 22 03:54:18 PDT 2017 

https://bugs.webkit.org/show_bug.cgi?id=177353

            Bug ID: 177353
           Summary: Web Inspector: do not evaluate functions in the
                    console unless requested
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Web Inspector
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mroberts at twilio.com
                CC: inspector-bugzilla-changes at group.apple.com

Reproduction Steps:

  1. Write the function `foo` in the console. Type out the following and hit enter:

    function foo() {
      console.log('foo')
      throw new Error('bar')
    }

  2. Next, type out the following. Do not hit enter:

    foo().

Expected Result:

  Nothing happens.

Actual Result:

  * The console prints "foo".
  * The console does not print the error.

---

I think this is problematic behavior because the function being evaluated could have side-effects the developer did not intend the browser to execute (after all, that is what "enter" is for, right?). In the example I shared, the side-effect is just printing to the console, but in general could be anything. What if the developer is typing out some code that will make a REST request? Update LocalStorage? etc. This could be destructive.

Here is another side-effect (and how I discovered this issue): consider what happens if a developer wants to explore the getUserMedia API in the browser console. She may start typing the expression

  navigator.mediaDevices.getUserMedia({ video: true }).then(stream => ...

But, when she types the third period there (right before `then`), an "Allow 'localhost' to your camera?" prompt pops up. I do not think it is a good developer experience.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170922/347d457a/attachment.html>

More information about the webkit-unassigned mailing list