Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SourceURL support for scripts loaded by domManip using XHRs. #1733

Closed
mgol opened this issue Oct 20, 2014 · 10 comments
Closed

SourceURL support for scripts loaded by domManip using XHRs. #1733

mgol opened this issue Oct 20, 2014 · 10 comments
Assignees
Labels

Comments

@mgol
Copy link
Member

@mgol mgol commented Oct 20, 2014

Originally reported by vsevik@… at: http://bugs.jquery.com/ticket/11484

This ticket is inspired by discussion in Chrome Developer Tools mailing group:  https://groups.google.com/group/google-chrome-developer-tools/browse_thread/thread/e22f4cb5b0685dbd

SourceURL is a way to give a name to the script executed by eval() for debugging purposes. See  http://blog.getfirebug.com/2009/08/11/give-your-eval-a-name-with-sourceurl/

Adding sourceURL to scripts loaded by domManip would make debugging easier. example: $('head').append('<script src="test.js'></script>');

Similar (but different) request http://bugs.jquery.com/ticket/8292 was closed as wontfix earlier, so some comments on the reasons mentioned there:

This is a functionality that:

  • only developers will need while debugging

Yes, but is very valuable for developers and it comes with virtually zero cost for users.

  • is only useful for Chrome users

sourceURL is supported by Firefox and WebKit (Chrome, Safari) which makes together more than 60% of browser market share.

  • is of limited use as the names would need to be randomly generated

In the example mentioned above the url could and should be taken from the src attribute of the script tag. This is the same url the script was loaded from.

Vsevolod Vlasov, webkit reviewer

Issue reported for jQuery 1.7.1

@mgol mgol added this to the 3.0.0 milestone Oct 20, 2014
@mgol

This comment has been minimized.

Copy link
Member Author

@mgol mgol commented Oct 20, 2014

Comment author: dmethvin

Worth investigating.

@mgol

This comment has been minimized.

Copy link
Member Author

@mgol mgol commented Oct 20, 2014

Comment author: jaubourg

I'll look into it

@mgol

This comment has been minimized.

Copy link
Member Author

@mgol mgol commented Oct 20, 2014

Comment author: dmethvin

Bulk change from enhancement to feature.

@mgol

This comment has been minimized.

Copy link
Member Author

@mgol mgol commented Oct 20, 2014

Comment author: dmethvin

Ref  https://github.com/jquery/jquery/pull/1099

@mgol

This comment has been minimized.

Copy link
Member Author

@mgol mgol commented Oct 20, 2014

Comment author: dmethvin

Just a note after a quick look at that pull request. It's possible we might open up security holes by adding this if we're not careful with the sourceURL string and it has a newline. We also need to be alert for the IE conditional javascript bug, see #13274.

@mgol

This comment has been minimized.

Copy link
Member Author

@mgol mgol commented Oct 20, 2014

Comment author: m_gol

As for the IE conditional compilation bug, fortunately that's behind us - the recent sourcemap specification changes also changed the //@ sourceURL= to //# sourceURL=.

@mgol

This comment has been minimized.

Copy link
Member Author

@mgol mgol commented Oct 20, 2014

Comment author: dmethvin

If we switch to always using <script> tags for running code, we get this for free. I don't think the remaining use cases warrant a change to globalEval. See  https://github.com/jquery/jquery/pull/1449 for tradeoffs.

@mgol

This comment has been minimized.

Copy link
Member Author

@mgol mgol commented Oct 20, 2014

Comment author: paul.irish

This one just came up again:  https://code.google.com/p/chromium/issues/detail?id=365645

I believe that with wither globalEval or a script tag the script will not have a real name that's debuggable in browser devtools. @sourceURL has strong x-browser support and would allow you to inject a filename for all injected scripts which would allow them to participate like real files.

@mgol

This comment has been minimized.

Copy link
Member Author

@mgol mgol commented Oct 20, 2014

Comment author: dmethvin

See #14757, but since it's a feature I'll leave it open separately. I don't think we'd retain the globalEval method just so we could inject a #sourceURL comment, but if the user has added one the script tag method should use it.

@mgol mgol added the Feature label Oct 21, 2014
@dmethvin

This comment has been minimized.

Copy link
Member

@dmethvin dmethvin commented Jan 7, 2015

Since we are not using eval for inline scripts after landing gh-1449, this ticket no longer applies.

@dmethvin dmethvin closed this Jan 7, 2015
@dmethvin dmethvin removed this from the 3.0.0 milestone Jan 7, 2015
@lock lock bot locked as resolved and limited conversation to collaborators Jun 20, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
3 participants
You can’t perform that action at this time.