Skip to content

Do not expose data urls in errors#3752

Merged
mitsuhiko merged 2 commits intomasterfrom
bugfix/data-urls-in-reporting
Jul 19, 2016
Merged

Do not expose data urls in errors#3752
mitsuhiko merged 2 commits intomasterfrom
bugfix/data-urls-in-reporting

Conversation

@mitsuhiko
Copy link
Contributor

@mitsuhiko mitsuhiko commented Jul 19, 2016
edited by dcramer
Loading

@getsentry/infrastructure

This change is Reviewable

benvinegar
benvinegar reviewed Jul 19, 2016
View reviewed changes
src/sentry/lang/javascript/processor.py
all_errors.append({
'type': EventError.JS_MISSING_SOURCE,
'url': force_bytes(abs_path, errors='replace'),
'url': expose_url(abs_path),
Copy link
Contributor

@benvinegar benvinegar Jul 19, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems only a matter of time that someone will create an error without using expose_url ... what if we funneled through a helper function?

Copy link
Contributor

@benvinegar benvinegar Jul 19, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i.e. can this be done in EventError?

@benvinegar
Copy link
Contributor

benvinegar commented Jul 19, 2016

Reviewed 2 of 2 files at r1.
Review status: all files reviewed at latest revision, 1 unresolved discussion, some commit checks failed.

Comments from Reviewable

@mitsuhiko mitsuhiko merged commit ef4e9ab into master Jul 19, 2016
@mitsuhiko mitsuhiko deleted the bugfix/data-urls-in-reporting branch July 19, 2016 20:24
dcramer
dcramer reviewed Jul 19, 2016
View reviewed changes
src/sentry/lang/javascript/processor.py
if url is None:
return u'<unknown>'
if url.startswith('data:'):
return u'<data url>'
Copy link
Member

@dcramer dcramer Jul 19, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe data:<redacted> would be better?

minor, and i dont care that much (esp since its merged already)

@mattrobenolt mattrobenolt mentioned this pull request Jul 22, 2016
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Dec 23, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mitsuhiko @benvinegar @dcramer