Prevent debugging serialization to cause page to break (#574)

jonathanKingston · web-flow · commit 08146f311e82 · 2023-06-14T19:29:59.000+01:00
* Prevent debugging serialization to cause page to break

* Change to &lt;&gt; to assist debugging and also truncate large serializations before sending
diff --git a/src/utils.js b/src/utils.js
@@ -398,6 +398,27 @@ export function hasTaintedMethod (scope, shouldStackCheck = false) {
     return false
 }
 
+/**
+ * @param {*[]} argsArray
+ * @returns {string}
+ */
+function debugSerialize (argsArray) {
+    const maxSerializedSize = 1000
+    const serializedArgs = argsArray.map((arg) => {
+        try {
+            const serializableOut = JSON.stringify(arg)
+            if (serializableOut.length > maxSerializedSize) {
+                return `<truncated, length: ${serializableOut.length}, value: ${serializableOut.substring(0, maxSerializedSize)}...>`
+            }
+            return serializableOut
+        } catch (e) {
+            // Sometimes this happens when we can't serialize an object to string but we still wish to log it and make other args readable
+            return '<unserializable>'
+        }
+    })
+    return JSON.stringify(serializedArgs)
+}
+
 /**
  * @template {object} P
  * @typedef {object} ProxyObject<P>
@@ -440,7 +461,7 @@ export class DDGProxy {
                     kind: this.property,
                     documentUrl: document.location.href,
                     stack: getStack(),
-                    args: JSON.stringify(args[2])
+                    args: debugSerialize(args[2])
                 })
             }
             // The normal return value
