On Thu, Feb 6, 2020 at 3:12 PM Boris Zbarsky <[email protected]> wrote: > I would really like to get to the point where when web developers see > errors in their console they don't have to guess what caused those > errors, and having meaningful messages is the simplest way to get there.
This is a great goal and we should definitely improve our error messages, but I continue to be worried about exposing more data there than is advisable from a security/privacy standpoint. In particular as from a developer ergonomics standpoint it can be hugely valuable to include such data. (Since I raised this last time we actually had a security bug related to this.) I don't know how much work this is, but ideally the signature is something like throwType(safeMessage, consoleMessage), whereby consoleMessage defaults to safeMessage or some such. This would allow for exposing confidential data to developers when debugging locally and keeps user data secure/private (assuming all callers are holding it correctly and get reviewed as such). _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
