Permalink
Browse files

feature #30024 [Debug] Display more details in the simple error page …

…of Debug (javiereguiluz)

This PR was squashed before being merged into the 4.3-dev branch (closes #30024).

Discussion
----------

[Debug] Display more details in the simple error page of Debug

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29891
| License       | MIT
| Doc PR        | -

Note: this only changes the simple error page of Debug component, which is different from the full-featured error page of WebProfilerBundle.

-----

#29891 shows a confusing error page. In #29928 we improved the first error message displayed to the user. In this PR we implement @nicolas-grekas' idea to replace the generic error page title by a better error message. So, this PR + #29928 would fix #29891 to me.

### Before

![error-before](https://user-images.githubusercontent.com/73419/51920135-1519b500-23e5-11e9-99d6-e9b631b97499.png)

### After

![error-after](https://user-images.githubusercontent.com/73419/51920141-1945d280-23e5-11e9-97c3-49b2170dbd15.png)

Commits
-------

75ff151 [Debug] Display more details in the simple error page of Debug
  • Loading branch information...
nicolas-grekas committed Feb 7, 2019
2 parents e8c3f9e + 75ff151 commit a6a1be803d7e757cbfdf43b7d819e4c8a9d4e7d9
@@ -207,7 +207,7 @@ public function getContent(FlattenException $exception)
$title = 'Sorry, the page you are looking for could not be found.';
break;
default:
$title = 'Whoops, looks like something went wrong.';
$title = $this->debug ? $this->escapeHtml($exception->getMessage()) : 'Whoops, looks like something went wrong.';
}
if (!$this->debug) {
@@ -48,8 +48,17 @@ public function testDebug()
$handler->sendPhpResponse(new \RuntimeException('Foo'));
$response = ob_get_clean();
$this->assertContains('Whoops, looks like something went wrong.', $response);
$this->assertContains('<h1 class="break-long-words exception-message">Foo</h1>', $response);
$this->assertContains('<div class="trace trace-as-html">', $response);
// taken from https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
$htmlWithXss = '<body onload=alert(\'test1\')> <b onmouseover=alert(\'Wufff!\')>click me!</b> <img src="j&#X41vascript:alert(\'test2\')"> <meta http-equiv="refresh"
content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg">';
ob_start();
$handler->sendPhpResponse(new \RuntimeException($htmlWithXss));
$response = ob_get_clean();
$this->assertContains(sprintf('<h1 class="break-long-words exception-message">%s</h1>', htmlspecialchars($htmlWithXss, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8')), $response);
}
public function testStatusCode()

0 comments on commit a6a1be8

Please sign in to comment.