-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #1282 #1288
Fixes #1282 #1288
Conversation
return err.url ? new URL(err.url).host === pageHost : true; | ||
|
||
// If the violation doesn't have a valid url, don't filter it out, but | ||
// warn the user that we don't know what the callsite is. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one could argue this is ripe for a helper refactor, but we only have 2 atm. Don't think that warrants it just yet.
I like the idea of this fix. The try catch covers all our errors but might it be better to add this check inside the error capture as well? So we can mimic it as an eval but say extension? |
@wardpeet do you mean why isn't this inside of driver.js? One reason I kept it in the audits is because we have some |
Looking through https://github.com/GoogleChrome/lighthouse/blob/master/lighthouse-core/gather/driver.js#L740 while (callFrame.isEval()) {
callFrame = callFrame.getEvalOrigin();
} Seems like that would solve the regarding lighthouse/lighthouse-core/gather/driver.js Line 751 in 39cc6a7
<anonymous>:1:1 . I guess you want those filtered out anyway.
|
@ebidel sorry should have been a bit more clear. Whenever we write more and more audits that rely on the captureJSCallUsage, it might be ok to also add a check for "extensions" like we do with eval. we could add an extra parameter but for now just mimic eval.
|
+1 to seeing if there's a way to identify scripts originating from extensions. Ideally we should ignore those usages entirely and treat them as if they were disabled if we can't actually disable them temporarily? (which seems like a bad idea for extensions to have permission to do anyway) |
PTAL. We're now catching and filtering out crx usage. I've verified this PR works against dbw_tester.html and the original page posted in comment 1 (https://geda.nkenspen.de/), with and without the redux crx enabled. |
@ebidel const callFrame = structStackTrace[1];
if (callFrame.isEval()) {
callFrame = callFrame.getEvalOrigin();
}
let url = callFrame.getFileName();
const line = callFrame.getLineNumber();
const col = callFrame.getColumnNumber();
const stackTrace = structStackTrace.slice(1).map(callsite => callsite.toString()); After this you can drop the whole |
@Janpot that may be, but the I tried your snippet, but it misses some of the eval'd lines in dbw_tester.html
The approach in this PR produces the correct results for all cases. Here's the artifact list sent to the audits: |
'were made by this page. It\'s possible a Chrome extension' + | ||
'content script or other eval\'d code is calling this API.'; | ||
} | ||
return true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: move to inside catch block? feels a bit like if () { return cond } else { } return true
atm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
// stack trace to give some context: eval(<context>):<line>:<col> | ||
// If we don't have an URL, (e.g. eval'd code), use the 2nd entry in the | ||
// stack trace. First is eval context: eval(<context>):<line>:<col>. | ||
// Second is the callsite where eval was called. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice I like this improvement
@@ -108,6 +108,7 @@ | |||
return Date.now(); | |||
} | |||
helloDate(); | |||
const d = Date.now(); // FAIL | |||
eval('Date.now()'); // FAIL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
given our fail/no fail smoke tests right now, what benefit does this add? (seems like we'd be unable to catch eval
not working here too actually)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not much, just wanted to check that Date.now()
outside of an inner function was also producing results. Until smokehouse audits number of violations, this won't do much other than a manual verify.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
alright just checking, sg
@ebidel You are right, I tried and it turns out |
@Janpot going to keep the existing behavior as is. We were returning the first entry of eval'd stack traces before this PR (as opposed to regex'ing out URL patterns). It's been my experience that DevTools doesn't always give us a well defined URL. |
sure, you could always fall back on the first entry if a regex parse doesn't return a valid url |
* Fixes GoogleChrome#1282 * Use getEvalOrigin and filter out crx usage * feedback
R: @brendankenny
You can test against https://geda.nkenspen.de/ to trigger the
debugString
path. DBW tester won't surface it partly because of #1286.