New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sourcemap offset fix (improved) #303
Conversation
... dividing by two yields bogus offsets for multi-character adjustments, leading to invalid sourcemaps with negative column positions
+1 for getting this merged! |
Bump for merge! |
👍 |
It's a pretty big patch and I don't understand what it fixes. Can you detail? |
First one fixes an incorrect offset when quotes are used around the keys of object literals. Next few commits escape various characters that otherwise lead to broken source-maps. |
Many of these were discovered minifying popular libraries like jquery and lodash, stepping through the maps (chrome debugger), and through trial and error, realizing what characters led to unusable source maps. |
So you're saying that for |
Yep, the last commit does that (instead of pointing into the middle of the token). Without it, the offset sequence was getting disrupted on multi-character adjustments, causing invalid source maps. |
Sorry, I'm still not convinced. Can you show an example that leads to a broken source map? Also, I feel it's not correct in the example I gave to have the Your last commit fixes something introduced by an earlier commit in this pull request — but I'm asking why is this pull request necessary at all. How is UglifyJS currently broken? |
Here's a boiled-down example:
When I uglify using the current tip of
the result fails the source map validator: http://sourcemap-validator.herokuapp.com/validate?url=http%3A%2F%2Foneoff.datamarket.com%2Fuglify-303.min.js and also Sentry fails to use it (so it is unlikely to be just a glitch in the validator). When I uglify using a checkout of this pull request:
the result passes the source map validator: http://sourcemap-validator.herokuapp.com/validate?url=http%3A%2F%2Foneoff.datamarket.com%2Fuglify-303.patched.min.js and in the real-life scenario from which this was boiled down, Sentry successfully applies the source map. |
My real-life example: browserify source maps don't work if the source files contain maps of lodash, jquery from uglify because the offsets are wrong (new lines when there are none, etc). |
Maybe the problem is that I pass a Again I must stress that it feels wrong for the mapping of an element to point inside a token (which in this case is a string). It's the first time I ever hear about Sentry and I couldn't care less about source map validation when the spec itself is pretty unclear, so please allow me to be cautious about “fixing” something I consider a non-issue… Still open to discuss though. |
The last commit was indeed a fix to the first one; I've posted a squashed version of this pull request in case you prefer that. |
... like mishoo#303, except without offsetting past the initial quote character. (That offset doesn't seem to be necessary)
Yeah, probably. (Though I really don't feel strongly either way — I didn't introduce that offset, I just corrected it from @ben-ng's original
The spec is indeed unclear, but I am pretty sure this is an issue — because it doesn't just corrupt the offset to that one token, it corrupts the whole offset sequence for the remainder of the source map. The proof is in the pudding of using the source map; for me that's Sentry, but you probably have some other consumer of source maps in mind. Does that tool handle http://oneoff.datamarket.com/uglify-303.min.js with its source map correctly? (You probably need a less stripped-down test case to verify that — you ought to be able to reproduce this problem in any codebase you're already testing source maps on, by just sticking an object literal in the code somewhere, containing keys with escaped characters in them, like the one in uglify-303.js) |
That would be a serious bug indeed, but it doesn't seem to be the case. (it's actually not possible, by design). Check this demo: http://lisperator.net/uglifyjs/#demo (use Chrome or FF, I'm not sure it works with other browsers) Paste this code on the left side: (function(){
var something = {
"foo": 1
};
var anotherthing = "test";
console.log(something);
console.log(anotherthing);
})(); then click "Uglify!". The left side will turn into a syntax-highlighting editor, and you'll get the minified code on the right side, which looks like this: !function(){var o={foo:1},t="test"
console.log(o),console.log(t)}() If you now click tokens on the right side, the left side editor will focus/highlight the corresponding token in the original source. Try clicking on:
This proves a couple of things:
|
Indeed I can't reproduce it now (the corruption of the whole subsequent offset sequence), so I can't claim with any conviction that it wasn't just me making a mistake in testing, earlier. Sorry about that! I hadn't tried out the Chrome dev tools built-in support; that indeed parses my source maps without problems, built with or without this patch. So it's starting to look like the problem really is in sourcemap-validator.herokuapp.com and in |
I'm closing this for now. If the issue persists, please let us know! |
Improved version of #268, working for my codebase.