Error stack

Erik Arvidsson erik.arvidsson at
Fri Jun 8 15:50:53 PDT 2012

On Fri, Jun 8, 2012 at 3:25 PM, Brandon Benvie
<brandon at> wrote:
> You can get the arguments. Here's an example of getting more info out of a
> try..catch:
> Which results in error.stack being an array of objects like (function,
> arguments, and receiver are actual function/array/object)
> {
>   function: <function>,
>   name: "InjectedScript._evaluateOn",
>   inferredName: "_evaluateOn",
>   arguments: <Array[5]>,
>   invocationType: "call",
>   receiver: <receiver>,
>   inferredType: "Object",
>   origin: undefined,
>   column: 33,
>   line: 343,
>   position: 12853,
>   type: "file"
> };

Once again, exposing the actual arguments, receiver and function
object references is a security issue and completely out of scope for
this. This is not related to cross domain access but related to object

Here is an example of when this would be a security issue:

function foo(secret) {
  'use strict';


function thirdPartyFunction() {
  getStackTrace(new Error)[1].arguments[0]; // oops I just leaked the secret.

Any proposal that exposes argument values and/or object references are
dead on arrival.


More information about the es-discuss mailing list