Skip to content

script: Fix assertion failure when stringifying cross-origin location object#43844

Open
thebabalola wants to merge 3 commits intoservo:mainfrom
thebabalola:script/fix-cross-origin-console-stringify
Open

script: Fix assertion failure when stringifying cross-origin location object#43844
thebabalola wants to merge 3 commits intoservo:mainfrom
thebabalola:script/fix-cross-origin-console-stringify

Conversation

@thebabalola
Copy link
Copy Markdown
Contributor

@thebabalola thebabalola commented Apr 1, 2026

This fixes the assertion failure (!JS_IsExceptionPending(*cx)) that happens when console.log() is called on a cross-origin location object (e.g. console.log(frame.contentWindow.location)).

The problem was that maybe_stringify_dom_object calls ToString on cross-origin objects, which throws a JS exception via the DissimilarOriginLocation stringifier. That exception was never cleared, so subsequent JS API calls would hit the assertion.

The fix refactors console_argument_from_handle_value using an inner/outer function pattern based on @jdm's suggestion:

  • The inner function returns Result<ConsoleArgument, ()> and returns Err(()) when console_object_from_handle_value returns None for an object, instead of falling through to stringify_handle_value which could trigger the same crash
  • The outer function catches the Err, reports any pending JS exception via report_pending_exception, and returns a fallback ConsoleArgument

Fixes #43530

  • ./mach build -d does not report any errors
  • ./mach fmt produces no changes
  • There are tests for these changes

@thebabalola thebabalola requested a review from gterzian as a code owner April 1, 2026 19:52
@servo-highfive servo-highfive added the S-awaiting-review There is new code that needs to be reviewed. label Apr 1, 2026
jdm
jdm reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jdm jdm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good! Can you write a test that uses https://github.com/web-platform-tests/wpt/blob/0f8fc11ddab5f0462806006b46e3b230f6e8a8d0/cors/preflight-failure.htm#L19 to create the cross-origin iframe? We can use a crash test for that, and it can go in tests/wpt/tests/html/browsers/history/the-location-interface

jdm
jdm approved these changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jdm jdm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent!

@servo-highfive servo-highfive removed the S-awaiting-review There is new code that needs to be reviewed. label Apr 2, 2026
@servo-wpt-sync servo-wpt-sync mentioned this pull request Apr 2, 2026
Open
@servo-wpt-sync
Copy link
Copy Markdown
Collaborator

servo-wpt-sync commented Apr 2, 2026

🤖 Opened new upstream WPT pull request (web-platform-tests/wpt#58948) with upstreamable changes.

@thebabalola
Copy link
Copy Markdown
Contributor Author

thebabalola commented Apr 2, 2026

Excellent!

appreciate the review.... would be waiting for CI to finish : )

@jdm
Copy link
Copy Markdown
Member

jdm commented Apr 2, 2026

Hmm, we will need to add the test path to

servo/tests/wpt/tests/lint.ignore

Line 132 in 78ffbe8

# Intentional use of console.*
to avoid one lint failure, then run ./mach update-manifest to fix the rest.

@servo-highfive servo-highfive added S-awaiting-review There is new code that needs to be reviewed. S-needs-rebase There are merge conflict errors. labels Apr 2, 2026
@servo-wpt-sync
Copy link
Copy Markdown
Collaborator

servo-wpt-sync commented Apr 2, 2026

📝 Transplanted new upstreamable changes to existing upstream WPT pull request (web-platform-tests/wpt#58948).

@jdm
Copy link
Copy Markdown
Member

jdm commented Apr 2, 2026

You will need to rebase to the latest changes in main and fix the conflict.

@thebabalola
script: Fix assertion failure when stringifying cross-origin location…
6ab1db0 
… object

Refactor console_argument_from_handle_value to use an inner function
that returns Result<ConsoleArgument, ()>. When console_object_from_handle_value
returns None for an object (e.g. a cross-origin location), the inner function
returns Err instead of falling through to stringify_handle_value which would
trigger the same assertion. The outer function reports any pending JS exception
and returns a fallback value.

Fixes servo#43530

Signed-off-by: thebabalola <t.babalolajoseph@gmail.com>
@thebabalola
script: Add crash test for stringifying cross-origin location object
8ccdb44 
Add a WPT crash test that loads a cross-origin iframe and calls
console.log on its location object, verifying that the browser
does not crash.

Signed-off-by: thebabalola <t.babalolajoseph@gmail.com>
@thebabalola
script: Add test path to lint.ignore and update WPT manifest
425c8ce 
Signed-off-by: thebabalola <t.babalolajoseph@gmail.com>
@thebabalola thebabalola force-pushed the script/fix-cross-origin-console-stringify branch from a3700b2 to 425c8ce Compare April 2, 2026 19:46
@servo-highfive servo-highfive removed the S-needs-rebase There are merge conflict errors. label Apr 2, 2026
@servo-wpt-sync
Copy link
Copy Markdown
Collaborator

servo-wpt-sync commented Apr 2, 2026

📝 Transplanted new upstreamable changes to existing upstream WPT pull request (web-platform-tests/wpt#58948).

@thebabalola
Copy link
Copy Markdown
Contributor Author

thebabalola commented Apr 2, 2026

with CI checks passing.... this should be ready to be merged...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jdm jdm jdm approved these changes

@gterzian gterzian Awaiting requested review from gterzian gterzian is a code owner

Assignees

No one assigned

Labels

S-awaiting-review There is new code that needs to be reviewed.

Projects

None yet

Milestone

No milestone

4 participants

@thebabalola @servo-wpt-sync @jdm @servo-highfive