Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(core): Ensure fill only patches functions #15632

Merged
merged 3 commits into from
Mar 11, 2025
Merged

Conversation

Lms24
Copy link
Member

@Lms24 Lms24 commented Mar 11, 2025

This PR adds a guard to our fill utility that we use to instrument/wrap methods defined on an object. However, due to a misleading type cast in fill we didn't check if the name of the method to be patched actually corresponded to a function on an object.

This was surfaced via #15552 where we'd call fill on window.history(pushState|replaceState) without checking if these two methods were actually available or functions.

Note: I initially solved this on the instrumentHistory level but then noticed that this is a more general bug in fill. Therefore I added some history-specific tests as well but I'd rather keep them than removing them. Fun fact: The more general fix saves ~8 Bytes of bundle size compared to my initial history-based fix 😅

closes #15552

@Lms24 Lms24 self-assigned this Mar 11, 2025
@@ -61,7 +61,7 @@ export function supportsDOMException(): boolean {
* @returns Answer to the given question.
*/
export function supportsHistory(): boolean {
return 'history' in WINDOW;
return 'history' in WINDOW && !!WINDOW.history;
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Improved this check so that if history was undefined or null we'd also return false here

@Lms24 Lms24 requested review from lforst and andreiborza March 11, 2025 15:02
Copy link
Contributor

github-actions bot commented Mar 11, 2025

size-limit report 📦

Path Size % Change Change
@sentry/browser 23.15 KB +0.05% +10 B 🔺
@sentry/browser - with treeshaking flags 22.94 KB +0.06% +13 B 🔺
@sentry/browser (incl. Tracing) 36.21 KB +0.03% +9 B 🔺
@sentry/browser (incl. Tracing, Replay) 73.39 KB +0.02% +10 B 🔺
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags 66.8 KB +0.02% +9 B 🔺
@sentry/browser (incl. Tracing, Replay with Canvas) 78.01 KB +0.02% +10 B 🔺
@sentry/browser (incl. Tracing, Replay, Feedback) 90.57 KB +0.02% +11 B 🔺
@sentry/browser (incl. Feedback) 40.3 KB +0.03% +10 B 🔺
@sentry/browser (incl. sendFeedback) 27.79 KB +0.04% +9 B 🔺
@sentry/browser (incl. FeedbackAsync) 32.58 KB +0.03% +10 B 🔺
@sentry/react 24.97 KB +0.04% +10 B 🔺
@sentry/react (incl. Tracing) 38.1 KB +0.03% +10 B 🔺
@sentry/vue 27.4 KB +0.05% +12 B 🔺
@sentry/vue (incl. Tracing) 37.9 KB +0.03% +9 B 🔺
@sentry/svelte 23.18 KB +0.05% +10 B 🔺
CDN Bundle 24.36 KB +0.05% +12 B 🔺
CDN Bundle (incl. Tracing) 36.26 KB +0.03% +11 B 🔺
CDN Bundle (incl. Tracing, Replay) 71.27 KB +0.02% +12 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback) 76.44 KB +0.02% +12 B 🔺
CDN Bundle - uncompressed 71.19 KB +0.07% +49 B 🔺
CDN Bundle (incl. Tracing) - uncompressed 107.57 KB +0.05% +49 B 🔺
CDN Bundle (incl. Tracing, Replay) - uncompressed 218.84 KB +0.03% +49 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 231.4 KB +0.03% +49 B 🔺
@sentry/nextjs (client) 39.27 KB +0.04% +13 B 🔺
@sentry/sveltekit (client) 36.63 KB +0.03% +9 B 🔺
@sentry/node 142.15 KB +0.01% +5 B 🔺
@sentry/node - without tracing 95.58 KB +0.01% +4 B 🔺
@sentry/aws-serverless 119.92 KB +0.01% +4 B 🔺

View base workflow run

@Lms24
Copy link
Member Author

Lms24 commented Mar 11, 2025

I will rework this to more generally fix the wird behaviour in our fill patching utility.
EDIT: Done

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.

expect(WINDOW.history).toEqual({
replaceState: expect.any(Function), // patched function
pushState: undefined, // unpatched
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

prior to this PR, pushState would have become a Function, resulting in the wrapper function calling undefined.apply on the "original function".

@Lms24 Lms24 changed the title fix(browser): Only patch available window.history properties fix(core): Ensure fill only patches functions Mar 11, 2025
@Lms24 Lms24 marked this pull request as ready for review March 11, 2025 15:24
Copy link
Member

@andreiborza andreiborza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, thanks for guarding this

@Lms24 Lms24 merged commit 47f95e5 into develop Mar 11, 2025
150 checks passed
@Lms24 Lms24 deleted the lms/fix-core-history-check branch March 11, 2025 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[@sentry-internal/browser-utils]: Cannot read properties of null (reading 'apply')
2 participants