Add information about loaded scripts to error reports

Add information to Sentry error reports about what JavaScript files were included on the page. I have a hypothesis that Sentry issues like https://sentry.io/organizations/hypothesis/issues/2528337318/events/e176f165836149b99d439fa71e69453c/?project=69811&query=is%3Aunresolved might be caused by unwanted `<script>` tags injected by extension or the browser. We try to block most unexpected scripts using strict Content-Security-Policy settings, but extension and custom browser-injected scripts may be able to bypass this.

Add information about loaded scripts to error reports
Add information to Sentry error reports about what JavaScript files were included on the page. I have a hypothesis that Sentry issues like https://sentry.io/organizations/hypothesis/issues/2528337318/events/e176f165836149b99d439fa71e69453c/?project=69811&query=is%3Aunresolved might be caused by unwanted `<script>` tags injected by extension or the browser. We try to block most unexpected scripts using strict Content-Security-Policy settings, but extension and custom browser-injected scripts may be able to bypass this.
da5c199d · Robert Knight · 2af4c9af · da5c199d · da5c199d
Commit da5c199d authored Aug 05, 2021 by Robert Knight
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 1 deletion

sentry.js src/sidebar/util/sentry.js +11 -0

sentry-test.js src/sidebar/util/test/sentry-test.js +12 -1

No files found.
--- a/src/sidebar/util/sentry.js
+++ b/src/sidebar/util/sentry.js
@@ -121,6 +121,17 @@ export function init(config) {
  // later when frames where the "annotator" code has loaded have connected to
  // the sidebar via `postMessage` RPC messages.
  Sentry.setExtra('document_url', document.referrer);
+  /** @param {HTMLScriptElement} script */
+  const isJavaScript = script =>
+    !script.type || script.type.match(/javascript|module/);
+  // Include information about the scripts on the page. This may help with
+  // debugging of errors caused by scripts injected by browser extensions.
+  const loadedScripts = Array.from(document.querySelectorAll('script'))
+    .filter(isJavaScript)
+    .map(script => script.src || '<inline>');
+  Sentry.setExtra('loaded_scripts', loadedScripts);
 }
 /**

--- a/src/sidebar/util/test/sentry-test.js
+++ b/src/sidebar/util/test/sentry-test.js
@@ -104,7 +104,7 @@ describe('sidebar/util/sentry', () => {
      );
    });
-    it('adds extra context to reports', () => {
+    it('adds "document_url" context to reports', () => {
      sentry.init({ dsn: 'test-dsn', environment: 'dev' });
      assert.calledWith(
        fakeSentry.setExtra,
@@ -113,6 +113,17 @@ describe('sidebar/util/sentry', () => {
      );
    });
+    it('adds "loaded_scripts" context to reports', () => {
+      sentry.init({ dsn: 'test-dsn', environment: 'dev' });
+      assert.calledWith(fakeSentry.setExtra, 'loaded_scripts');
+      const urls = fakeSentry.setExtra
+        .getCalls()
+        .find(call => call.args[0] === 'loaded_scripts').args[1];
+      assert.isTrue(urls.length > 0);
+      urls.forEach(url => assert.match(url, /<inline>|http:.*\.js/));
+    });
    function getBeforeSendHook() {
      return fakeSentry.init.getCall(0).args[0].beforeSend;
    }