Skip to content

script: Fix assertion failure when stringifying cross-origin location object#58948

Merged
servo-wpt-sync merged 3 commits into
web-platform-tests:masterfrom
servo:servo_export_43844
Apr 3, 2026
Merged

script: Fix assertion failure when stringifying cross-origin location object#58948
servo-wpt-sync merged 3 commits into
web-platform-tests:masterfrom
servo:servo_export_43844

Conversation

@servo-wpt-sync

@servo-wpt-sync servo-wpt-sync commented Apr 2, 2026

Copy link
Copy Markdown
Collaborator

This fixes the assertion failure (!JS_IsExceptionPending(*cx)) that happens when console.log() is called on a cross-origin location object (e.g. console.log(frame.contentWindow.location)).

The problem was that maybe_stringify_dom_object calls ToString on cross-origin objects, which throws a JS exception via the DissimilarOriginLocation stringifier. That exception was never cleared, so subsequent JS API calls would hit the assertion.

The fix refactors console_argument_from_handle_value using an inner/outer function pattern based on @jdm's suggestion:

  • The inner function returns Result<ConsoleArgument, ()> and returns Err(()) when console_object_from_handle_value returns None for an object, instead of falling through to stringify_handle_value which could trigger the same crash
  • The outer function catches the Err, reports any pending JS exception via report_pending_exception, and returns a fallback ConsoleArgument

Fixes #43530

Reviewed in servo/servo#43844

@servo-wpt-sync servo-wpt-sync mentioned this pull request Apr 2, 2026
Merged
@wpt-pr-bot wpt-pr-bot added the html label Apr 2, 2026
wpt-pr-bot
wpt-pr-bot approved these changes Apr 2, 2026
View reviewed changes

@wpt-pr-bot wpt-pr-bot left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The review process for this patch is being conducted in the Servo project.

@servo-wpt-sync servo-wpt-sync force-pushed the servo_export_43844 branch 2 times, most recently from 724e20c to 060b861 Compare April 3, 2026 08:34
@thebabalola @servo-wpt-sync
script: Add crash test for stringifying cross-origin location object
af9dbea 
Add a WPT crash test that loads a cross-origin iframe and calls
console.log on its location object, verifying that the browser
does not crash.

Signed-off-by: thebabalola <t.babalolajoseph@gmail.com>
@thebabalola @servo-wpt-sync
script: Add test path to lint.ignore and update WPT manifest
b789d8b 
Signed-off-by: thebabalola <t.babalolajoseph@gmail.com>
@thebabalola @servo-wpt-sync
script: Fix crash test by adding body element
f2eaef1 
The test script was running in the head, before the body existed,
so document.body.appendChild never added the iframe and the test
timed out.

Signed-off-by: thebabalola <t.babalolajoseph@gmail.com>
@servo-wpt-sync servo-wpt-sync merged commit 5025fd8 into web-platform-tests:master Apr 3, 2026
26 checks passed
@servo-wpt-sync servo-wpt-sync deleted the servo_export_43844 branch April 3, 2026 11:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wpt-pr-bot wpt-pr-bot wpt-pr-bot approved these changes

Assignees

No one assigned

Labels

html infra servo-export

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@servo-wpt-sync @wpt-pr-bot @thebabalola