The stack trace of a SecurityError is not reported #3119

@WesselKroos

Package + Version

  • @sentry/browser
  • @sentry/node
  • raven-js
  • raven-node (raven for node)
  • other:

Version:

5.29.0

Description

A DOMException with the name SecurityError contains a stack in Chromium. This stack is not reported to Sentry.

Example of the exception:

DOMException:
  code: 18
  message: "Failed to execute 'getImageData' on 'OffscreenCanvasRenderingContext2D': The canvas has been tainted by cross-origin data."
  name: "SecurityError"
  stack: "Error: Failed to execute 'getImageData' on 'OffscreenCanvasRenderingContext2D': The canvas has been tainted by cross-origin data.↵    at Extension.function3 (/scripts.js:5825:51)↵    at Extension.function2  (/scripts.js:4328:18)↵    at Extension.function1 (/scripts.js:4290:18)"

Debugging info

While debugging the script of @sentry/browser I noticed the following code prevents the stack trace from being included in the event:

function eventFromUnknownInput(exception, syntheticException, options) {
  ...
  if (isErrorEvent(exception) && exception.error) { // isErrorEvent = false && exception.error = undefined
    ... // In this case the stack trace would be attached to the event
  }
  if (isDOMError(exception) || isDOMException(exception)) { // isDOMError = false || isDOMException = true
    ...
    return event; // This event is returned. And in this case the stack trace is NOT attached to the event
  }
}

How to reproduce

  1. Create a video element with a src attribute that contains a URL from a different domain than the current webpage.
  2. Draw the video to a canvas element via the drawImage function.
  3. Execute the getImageData function on that canvas.
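
One way to keep the stack that the code path above drops, added here as an example and not taken from the issue or from the Sentry SDK. It assumes the hook is registered as Sentry's `beforeSend(event, hint)` option and that `hint.originalException` carries the DOMException; `parseChromiumStack` and `attachDomExceptionStack` are hypothetical names, and the sample exception is constructed from the values shown in this issue.

```javascript
// Added example (not SDK code). Constructed sample mirroring the DOMException in the issue.
const sampleException = {
  name: 'SecurityError',
  code: 18,
  message: "Failed to execute 'getImageData' on 'OffscreenCanvasRenderingContext2D': " +
    'The canvas has been tainted by cross-origin data.',
  stack: "Error: Failed to execute 'getImageData' on 'OffscreenCanvasRenderingContext2D': " +
    'The canvas has been tainted by cross-origin data.\n' +
    '    at Extension.function3 (/scripts.js:5825:51)\n' +
    '    at Extension.function2  (/scripts.js:4328:18)\n' +
    '    at Extension.function1 (/scripts.js:4290:18)',
};

// Parse Chromium-style "at fn (file:line:col)" and "at file:line:col" lines.
function parseChromiumStack(stack) {
  if (typeof stack !== 'string') return [];
  const frames = [];
  for (const line of stack.split('\n')) {
    const m = /^\s*at\s+(?:(.+?)\s+\()?(.+?):(\d+):(\d+)\)?\s*$/.exec(line);
    if (!m) continue; // skips the leading "Error: ..." message line
    frames.push({
      function: m[1] || '?',
      filename: m[2],
      lineno: Number(m[3]),
      colno: Number(m[4]),
    });
  }
  return frames.reverse(); // Sentry event payloads list the oldest call first
}

// Shaped like Sentry's beforeSend(event, hint). Assumption: replacing
// event.exception is acceptable when the SDK attached no frames at all.
function attachDomExceptionStack(event, hint) {
  const ex = hint && hint.originalException;
  const values = (event.exception && event.exception.values) || [];
  const hasFrames = values.some(
    (v) => v.stacktrace && v.stacktrace.frames && v.stacktrace.frames.length > 0
  );
  if (!ex || hasFrames || typeof ex.stack !== 'string') return event;
  const frames = parseChromiumStack(ex.stack);
  if (frames.length === 0) return event; // nothing parseable, leave event as is
  event.exception = {
    values: [{ type: ex.name, value: ex.message, stacktrace: { frames } }],
  };
  return event;
}
```
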
