Safari Web Extension Stack Traces Show webkit-masked-url://hidden/

[edgariscoding]

Is there an existing issue for this?

• I have checked for existing issues https://github.com/getsentry/sentry-javascript/issues
• I have reviewed the documentation https://docs.sentry.io/
• I am using the latest SDK release https://github.com/getsentry/sentry-javascript/releases

How do you use Sentry?

Sentry Saas (sentry.io)

Which SDK are you using?

@sentry/browser

SDK Version

9.30.0

Framework Version

No response

Link to Sentry event

https://protego-app.sentry.io/issues/6701143246/?project=4508745977757696&query=release%3Acom.ArkonLabs.Protego.Extension.iOS%402.17%2B250622151608&referrer=release-issue-stream

Reproduction Example/SDK Setup

No response

Steps to Reproduce

I understand that Safari masks extension script URLs in Error.stack, resulting in webkit-masked-url://hidden/. Is there any known workaround or best practice to restore or improve stack trace resolution in Safari Web Extensions?

I would appreciate any input on:
• Whether urlPrefix, rewrite, or release config can help here.
• Any Sentry SDK settings or techniques that can circumvent Safari’s masking.
• Whether Safari’s behavior makes this fundamentally unsupported at the moment.

Thank you!

Expected Result

Sentry stack traces for my Safari Web Extension should show the correct filenames (e.g., background.js, content.js, etc.), and resolve using uploaded source maps when an error occurs in extension scripts.

Actual Result

Stack traces in Sentry display file URLs like this:

ReferenceError: Cannot access uninitialized variable.
  at ? (webkit-masked-url://hidden/:14677:28)
  at ? (webkit-masked-url://hidden/:16307:3)
  at global code(webkit-masked-url://hidden/:16309:12)

Even though:
• Source maps are uploaded and listed in the release files.
• Files appear correctly under the safari-web-extension:// prefix in the Sentry UI.
• I can see the full source in Safari Web Inspector → Sources tab.

Also: sentry-cli sourcemaps explain says the stack frame is from a <script> and cannot be resolved.

Resources % sentry-cli sourcemaps explain d21c9857506e4820abedc5b6e4255223 --project protego-ext --org protego-app
⚠ DEPRECATION: `sourcemaps explain` has drifted from how sourcemap processing actually operates and its output may not be accurate. It will be removed in a future version of `sentry-cli`.
✔ Fetched data for event: d21c9857506e4820abedc5b6e4255223
✔ Event has release name: com.ArkonLabs.Protego.Extension.iOS@2.17+250622151608
✔ Event has a valid exception present
✔ Event has a valid stacktrace present
✖ Selected frame (0) of event exception originates from the <script> tag, its not possible to resolve source maps
Resources % 

[s1gr1d]

This is a known limitation specific to Safari Web Extensions. Also see this discussion: #5875

Safari masks extension scripts URLs for security and privacy reasons.

You could try to wrap critical functions and add some more context to the error with data that is available (like the function name, message, sender, or the script name).

// in a catch block
catch (error) {      
      Sentry.withScope(scope => {
        scope.setTag('extension_script', scriptName);
        scope.setTag('function_name', functionName);
        scope.setContext('safari_extension', {
          masked_url: true,
          actual_script: scriptName
        });
        Sentry.captureException(error);
      });
      
      throw error; // Re-throw if needed
    }

[edgariscoding]

@s1gr1d thank you so much for the response, yeah I figured it was a limitation or "feature" of Safari web extensions. The discussion you linked mostly deals with people wanting to completely hide or filter out these errors from being logged, I actually want the opposite.

Your suggestion works for now, I've added tags as you suggested and it's much more helpful, at least now I have more context with the error.

I've also left a comment at:

https://bugs.webkit.org/show_bug.cgi?id=246010