pad: Improve rendering of uncaught exceptions

* Use jQuery to build the message HTML so that special characters in
    the error message, URL, etc. are properly escaped. This helps
    avoid XSS vulnerabilities.
  * Use bold text for the error message to make it stand out.
  * Add a line break between the error message and "in <url> at line
    <line>" so that the error message stands out more.
  * Use `<p>...</p>` instead of `</br>` to separate the parts of the
    popup.
  * Use CSS for spacing instead of `</br>`.
  * Grammar fixes (add a missing comma, "at" instead of "in").
pull/4425/head
Richard Hansen 2020-10-19 20:25:08 -04:00 committed by John McLear
parent d35dbaaacc
commit 8463134125
1 changed files with 13 additions and 8 deletions


@ -484,7 +484,6 @@ function setupGlobalExceptionHandler() {
globalExceptionHandler = function test (msg, url, linenumber) globalExceptionHandler = function test (msg, url, linenumber)
{ {
var errorId = randomString(20); var errorId = randomString(20);
var userAgent = padutils.escapeHtml(navigator.userAgent);
var msgAlreadyVisible = false; var msgAlreadyVisible = false;
$('.gritter-item .error-msg').each(function() { $('.gritter-item .error-msg').each(function() {
@ -494,13 +493,19 @@ function setupGlobalExceptionHandler() {
}); });
if (!msgAlreadyVisible) { if (!msgAlreadyVisible) {
errorMsg = "<b>Please press and hold Ctrl and press F5 to reload this page</b></br> \ const txt = document.createTextNode.bind(document); // Convenience shorthand.
If the problem persists please send this error message to your webmaster: </br></br>\ const errorMsg = [
<div style='text-align:left; font-size: .8em'>\ $('<p>')
ErrorId: " + errorId + "<br>\ .append($('<b>').text('Please press and hold Ctrl and press F5 to reload this page')),
URL: " + padutils.escapeHtml(window.location.href) + "<br>\ $('<p>')
UserAgent: " + userAgent + "<br>\ .text('If the problem persists, please send this error message to your webmaster:'),
<span class='error-msg'>"+ msg + "</span> in " + url + " at line " + linenumber + '</div>'; $('<div>').css('text-align', 'left').css('font-size', '.8em').css('margin-top', '1em')
.append(txt(`ErrorId: ${errorId}`)).append($('<br>'))
.append(txt(`URL: ${window.location.href}`)).append($('<br>'))
.append(txt(`UserAgent: ${navigator.userAgent}`)).append($('<br>'))
.append($('<b>').addClass('error-msg').text(msg)).append($('<br>'))
.append(txt(`at ${url} at line ${linenumber}`)).append($('<br>')),
];
$.gritter.add({ $.gritter.add({
title: "An error occurred", title: "An error occurred",