design-reviews#981: Call stacks in crash reports from unresponsive web pages

#981: Call stacks in crash reports from unresponsive web pages

Opened Aug 13, 2024

こんにちは TAG-さん!

I'm requesting a TAG review of Call stacks in crash reports from unresponsive web pages.

When a web page becomes unresponsive, it's often because of JavaScript code which is busy running an infinite loop or other very long computation. When a developer receives a report from the crash reporting API, and the reason is unresponsive, it would be very helpful to include the JS call stack from when the page was deemed unresponsive. This would let the website developer more easily find the find and fix the problem. What happens instead? The page reports that it was terminated due to being unresponsive, but the developer of the page has no further information about how to fix the problem.

Explainer¹ (minimally containing user needs and example code): https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/main/CrashReporting/AddStackToCrashReports.md
Specification URL: https://wicg.github.io/crash-reporting/
Tests: N/A
User research: N/A
Security and Privacy self-review²: https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/main/CrashReporting/security-privacy.md
GitHub repo: https://github.com/WICG/crash-reporting
Primary contacts (and their relationship to the specification):
- Ian Clelland (@clelland), Google, Author
- Issack John (@issackjohn) Microsoft
- Seth Brenith (@sethbrenith) Microsoft
Organization(s)/project(s) driving the specification: WICG/crash-reporting
Key pieces of existing multi-stakeholder (e.g. developers, implementers, civil society) support, review or discussion of this specification
Key pieces of multi-implementer support:
- Chromium comments: https://issues.chromium.org/issues/40268201
- Mozilla comments: https://github.com/mozilla/standards-positions/issues/1057
- WebKit comments: https://github.com/WebKit/standards-positions/issues/380
- etc...
External status/issue trackers for this specification (publicly visible, e.g. Chrome Status): Chrome Status: https://chromestatus.com/feature/4731248572628992

Further details:

I have reviewed the TAG's Web Platform Design Principles
Relevant time constraints or deadlines:
The group where the work on this specification is currently being done: WICG Crash Reporting
The group where standardization of this work is intended to be done (if current group is a community group or other incubation venue): W3C Web Performance WG
Major unresolved issues with or opposition to this specification: N/A
This work is being funded by:

You should also know that...

Discussions

Discussed Sep 16, 2024 (See Github)

https://github.com/w3ctag/design-reviews-private-brainstorming/issues/1

Jeffrey: I'm generally favorable.

Peter: Will the browser pop up a request?

Jeffrey: I think the developers expect that not, but it could.

Tess: In the extension case, website users probably won't notice what it's revealing. But the UI could just say "these 5 extensions injected code and might be revealed." Don't rely solely on displaying the stack trace.

Peter: There's room for the UA to be smart. Don't want any crash report sent without my consent. Page should say "page requested a crash report", and let me say yes/no.

Tess: Good to let UAs compete on providing the most user-protecting interface. Spec should be clear enough about these concerns that a new naive engineer does something decent.

satisfied with concerns:

This looks like a worthwhile piece of information to show to developers. We agree with the privacy worries that these uploads might expose what extensions a user is running. We suspect this privacy risk is avoidable in two ways: First, you could automatically omit stacks if any extensions have injected content scripts. Second, you could prompt the user about whether they want to send the report, with a user-comprehensible explanation of what sensitive information's likely to be sent; for example the list of extensions that injected script.

Please continue discussing this in the WebPerf working group and the PING.

</blockquote>

Comment by @jyasskin Sep 18, 2024 (See Github)

This looks like a worthwhile piece of information to show to developers. We agree with the privacy worries that these uploads might expose what extensions a user is running. We suspect this privacy risk is avoidable in two ways: First, you could automatically omit stacks if any extensions have injected content scripts. Second, you could prompt the user about whether they want to send the report, with a user-comprehensible explanation of what sensitive information's likely to be sent: for example the list of extensions that injected script.

Please continue discussing this in the WebPerf working group and the PING.

Comment by @aluhrs13 Feb 19, 2025 (See Github)

@jyasskin - We'll talk more amongst implementers, WebPerfWG, etc. but what would TAG think of redacting the frames that have extensions instead of the entire stack?

With the scenarios this will serve, we expect that developers will aggregate and group based on the stacks. When doing that, there's going to be some amount of "unknown" where the UA didn't/couldn't get a stack, the site's processing pipeline fails, etc. Omitting the entire stack leaves the question of "Is this intentionally blank, or was there an issue in getting/processing it?"

Redacting only the frames from extensions would give the site details on something is negatively impacting something on their site with at least a vague pointer to the something on their site that they can look into is much better than nothing.

Comment by @jyasskin Feb 19, 2025 (See Github)

That's a plausible thing to investigate, but I think privacy-focused reviewers are more likely to be helpful than the TAG as a whole. Maybe ask the Privacy WG to review this?