On Fri, Jun 8, 2012 at 3:25 PM, Brandon Benvie <bran...@brandonbenvie.com> wrote: > You can get the arguments. Here's an example of getting more info out of a > try..catch: https://gist.github.com/2898384 > > Which results in error.stack being an array of objects like (function, > arguments, and receiver are actual function/array/object) > > { > function: <function>, > name: "InjectedScript._evaluateOn", > inferredName: "_evaluateOn", > arguments: <Array[5]>, > invocationType: "call", > receiver: <receiver>, > inferredType: "Object", > origin: undefined, > column: 33, > line: 343, > position: 12853, > type: "file" > };
Once again, exposing the actual arguments, receiver and function object references is a security issue and completely out of scope for this. This is not related to cross domain access but related to object capabilities. Here is an example of when this would be a security issue: function foo(secret) { 'use strict'; thirdPartyFunction(); } ... function thirdPartyFunction() { getStackTrace(new Error)[1].arguments[0]; // oops I just leaked the secret. } Any proposal that exposes argument values and/or object references are dead on arrival. -- erik _______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss