Currently WebCore::reportException can evaluate JavaScript when handling exceptions. The JS evaluation can itself throw an exception if running code in the page. For example:

    function MyError() {
        this.name = "MyErrorName";
        this.message = "MyErrorMessage";
    }
    MyError.prototype.toString = function() { throw "oops"; }

    function produceError() {
        throw new MyError();
    }
    produceError();

WebCore::reportException calls this toString, and can potentially get values with hooks in valueOf as well. We should avoid running JS that can trigger its own exceptions if possible.
Chris is working on similar bugs in JSC, so reassigning to him.
Moving to the right component.
<rdar://problem/15796841>
Oliver had a suggestion on IRC:
- if the exception object is a builtin Exception/Error object => directly get "message" property
- if the exception object is a primitive => toString
- otherwise, send the exception object to the inspector frontend like a console.log (RemoteObject)

I think that is a good idea. This would nicely handle these cases:
- SyntaxError / ReferenceError
- throw 1, throw "test", ...
- throw {a:1,b:2}, throw [1,2,3], throw new MyError()
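The classification above, written out as a standalone JavaScript example (added here; this is not WebKit's code and does not reflect how WebCore::reportException is implemented). It assumes a hypothetical reporter function, describeException, and shows the property that matters for this bug: none of the three branches ever calls a page-defined toString or valueOf, so a thrown object whose toString throws (the MyError case from the report) is still described without raising a second exception. Data properties are read via property descriptors so that page-defined getters are not run either.

```javascript
// Added example (not WebKit code): classify a thrown value the way the
// comment above proposes, without running any page-defined hooks.

// Walk the prototype chain and return the value of the first *data*
// property named `name`; accessors (getters) are skipped, never invoked.
function dataProperty(obj, name) {
  for (let p = obj; p !== null; p = Object.getPrototypeOf(p)) {
    const desc = Object.getOwnPropertyDescriptor(p, name);
    if (desc && "value" in desc) return desc.value;
  }
  return undefined;
}

// Identity check against Error.prototype instead of `instanceof`, whose
// Symbol.hasInstance hook a page could override.
function isBuiltinError(value) {
  for (let p = Object.getPrototypeOf(value); p !== null; p = Object.getPrototypeOf(p)) {
    if (p === Error.prototype) return true;
  }
  return false;
}

function describeException(value) {
  // Primitives: String() on a primitive runs no page code.
  if (value === null || (typeof value !== "object" && typeof value !== "function")) {
    return { kind: "primitive", text: String(value) };
  }
  if (isBuiltinError(value)) {
    // Built-in Error: take "name" and "message" as plain data properties
    // (own or inherited from the Error prototypes); never call toString.
    const name = dataProperty(value, "name");
    const message = dataProperty(value, "message");
    return {
      kind: "error",
      name: typeof name === "string" ? name : "Error",
      message: typeof message === "string" ? message : "",
    };
  }
  // Anything else is handed over structurally (the console.log / RemoteObject
  // path), described here only by its own property names.
  return { kind: "object", keys: Object.getOwnPropertyNames(value) };
}

// The object from the bug report: its toString throws "oops".
function MyError() {
  this.name = "MyErrorName";
  this.message = "MyErrorMessage";
}
MyError.prototype.toString = function () { throw "oops"; };

// Run the reporter over the cases listed above and return the results.
function demo() {
  const cases = [
    new SyntaxError("bad token"),
    1,
    "test",
    { a: 1, b: 2 },
    [1, 2, 3],
    new MyError(),
  ];
  return cases.map(describeException);
}

console.log(JSON.stringify(demo(), null, 2));
```

describeException(new MyError()) returns an "object" description with keys name and message and does not throw, whereas the naive `String(new MyError())` would raise "oops" from inside the reporter.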