We're considering an enhancement to collect error information from our Chrome Extension that I would like more information about.
We currently have an onError event handler that only collects file name and file number for the extension's background scripts. This is helpful, but I would more information.
I would like to collect the message and / or the stack trace information as well, but we're concerned that the additional information (message, & stack trace), could contain sensitive user data (URL's, etc.).
Is there any user data in the stack trace or message? (URL(s), HTTP request parms, etc.)
To be clear, in the onError event handler of the background page, we send an AJAX request to a server to log the error.
Generally stack traces could contain sensitive data, but most of them won't. The structure of your code is what will determine this. Look at stack traces in your code and determine if you need to sanitize them.
Related
Question in chrome.runtime.getBackgroundPage(...) and chrome.runtime.sendMessage(...).
The first allows you to get a link to the window background page, the second - to send a message to those who have subscribed to the event.
I feel that the second method is more correct to use, but I don’t have proof of that. On the contrary, I understand that sending messages and receiving a response is a serialization / deserialization of request and response in json, when, when we receive a background page, we get a link to it and it should theoretically be less expensive.
What is the right approach?
Any thoughts?
Spring integration really helps us a lot during application integration, it make us more focus on flow design.
However, we want to log all file processing steps and use log analytic tools to check how one specific file(message) been processed.
Question is how to log a grouping id for each message in order to group them for checking by another logging anlytic tools?
thanks
Consider to turn on Message History for your application. This way in the end of flow you can extract such a MessageHistory.HEADER_NAME with all the traveling information for the message.
Otherwise you really don't have choice unless to add some business header in the beginning of the flow and parse logs for such a common key.
I couldn't make a request to a remote server using JavaScript in the onload function due to access is denied insanity. So, just to make CRM obey, I set up an IFRAME and connect that to a HTML page running my JavaScript. Now, provided that I get some values inside the script (run in an IFRAME) how can I communicate them to a method in the holding parent?
Not quite sure how to explain it more detailed so please feel free to ask.
The access is denied is the Same Origin Policy. You're going to run into the same problem from the IFRAME unless you're serving the page or just the script src from the same server you're subsequently trying to make the AJAX request to.
Assuming you are doing the latter then you just need to make sure you have unchecked the "Restrict cross-frame scripting" option on the IFRAME you added to the CRM form. From the IFRAME you will now have access to your function that you've defined at global scope on the parent CRM form via window.parent.yourfunctionNameHere(xyz).
postMessage sounds like it might fit.
window.postMessage, when called, causes a MessageEvent to be dispatched at the target window when any pending script that must be executed completes (e.g. remaining event handlers if window.postMessage is called from an event handler, previously-set pending timeouts, etc.). The MessageEvent has the type message, a data property which is set to the string value of the first argument provided to window.postMessage, an origin property corresponding to the origin of the main document in the window calling window.postMessage at the time window.postMessage was called, and a source property which is the window from which window.postMessage is called.
To use window.postMessage, an event listener must be attached:
// Internet Explorer
window.attachEvent('onmessage',receiveMessage);
// Opera/Mozilla/Webkit
window.addEventListener("message", receiveMessage, false);
And a receiveMessage function must be declared:
function receiveMessage(event) {
// do something with event.data;
}
The off-site iframe must also send events properly via postMessage:
<script>window.parent.postMessage('foo','*')</script>
Any window may access this method on any other window, at any time, regardless of the location of the document in the window, to send it a message. Consequently, any event listener used to receive messages must first check the identity of the sender of the message, using the origin and possibly source properties. This cannot be understated: Failure to check the origin and possibly source properties enables cross-site scripting attacks.
Source: https://developer.mozilla.org/en/DOM/window.postMessage
Recently I had the joy of connecting to a web service and retrieve some data. When that’s been achieved, I found myself sitting on the said data not exactly knowing where to put it.
To make the long story short, I used the following source code.
parent.window.Xrm.Page.data.entity.attributes
.get("new_Konrad").setValue("Viltersten");
Notable is the fact that in order to communicate with the parent form, the HTML file (where my JavaScript resided), needed to be placed as a web resource within the CRM structure. By other words, just by pointing to an external “http://some.where/some.thing” we can consume a service but won’t be able to convey the obtained information up the CRM server, at least not when developing a solution for the on-line version.
I'm using the WebRequest API to modify requests that get sent by Chrome. In order to know how to rewrite the request I would like to know what's the frame URL that caused the outgoing request. I see I can get frame IDs and tab IDs, with which I could send a message to the content script to find out the URI. But since messaging is always asynchronous there seems to be no way to ensure that I get that information before the request gets sent.
This is for a testing tool, not something for regular users, so I wouldn't mind incurring some added latency. Does anyone know if there is there another way to do this? I tried using setTimeout but it's blocked by content security policy. Using referrer doesn't quite cut it because it's not set on HTTP requests coming from an HTTPS frame.
I am not sure if i fully understand what are you trying to accomplish, but here is what i think.
Scenario
Main frame google, sub frames facebook and twitter, and you want to modify any requests from the facebook frame !
If that's the case then here is what i am going to try;
1.Register the onCompleted event listener, which will be used to retrieve the completed requests info, i.e. url and frame id, and store them in an array.
2.Register the onBeforeSendHeaders event listener, which will be used to retrieve the request info and compare it against the one you stored in the previous step, if it passed you can modify the headers
So the code will go like this
onCompleted ({store the info -i.e. url and frame id- in an array},...)
onBeforeSendHeaders ({compare the frame id that made the request with the one stored before if they match modify the header},...)
Difference between your approach and the one i listed
In your approach you used asynchronous messages to retrieve info about the frame after the requests get sent, in my approach you will have those info ready for you with no need to do any farther messaging, so whenever a request happens you can use them immediately.
Hope you will find this helpful, good-luck.
My application page doesn't work correctly. In error log I could find this:
Detected use of SPRequest for previously closed SPWeb object. Please close SPWeb objects when you are done with all objects obtained from them, but not before.
In my application page in code behind I have all snippets of code in try-catch blocks.
The question is why when such situation(described in log) appears the control doesn't go to catch statment? Instead of that the internal SharePoint error appears on screen.
Regards
The reason it is not going to your catch block is because the message being logged is just a warning, it doesn't interrupt the execution of your code.
Use SPDisposeCheck to pinpoint the origin of the message.