From bd44367abffae68c209a39909d3525bd6994d8d0 Mon Sep 17 00:00:00 2001 From: IceCola <739201322@qq.com> Date: Fri, 7 Jun 2024 22:59:36 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=B2=99=E7=9B=92?= =?UTF-8?q?=E5=86=85=E6=8A=A5=E9=94=99=E6=98=BE=E7=A4=BA=EF=BC=8C=E6=96=B9?= =?UTF-8?q?=E4=BE=BF=E8=B0=83=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- noname/init/index.js | 243 ++++++++++++++++++------------------- noname/util/error.js | 244 ++++++++++++++++++++++++++++++++++++++ noname/util/initRealms.js | 6 +- noname/util/sandbox.js | 73 ++++++++---- 4 files changed, 421 insertions(+), 145 deletions(-) create mode 100644 noname/util/error.js diff --git a/noname/init/index.js b/noname/init/index.js index 78464e3fa..b27b443b4 100644 --- a/noname/init/index.js +++ b/noname/init/index.js @@ -11,6 +11,7 @@ import { promiseErrorHandlerMap } from "../util/browser.js"; import { importCardPack, importCharacterPack, importExtension, importMode } from "./import.js"; import { onload } from "./onload.js"; import { initializeSandboxRealms } from "../util/initRealms.js"; +import { ErrorManager } from "../util/error.js"; // 判断是否从file协议切换到http/s协议 export function canUseHttpProtocol() { @@ -96,7 +97,7 @@ export function sendUpdate() { const cp = require("child_process"); cp.exec( `start /min ${__dirname}\\noname-server.exe -platform=electron`, - (err, stdout, stderr) => {} + (err, stdout, stderr) => { } ); return `http://localhost:8089/app.html?sendUpdate=true`; } @@ -664,7 +665,7 @@ export async function boot() { if (isFirstStartAfterUpdate && extErrorList.length) { const stacktraces = extErrorList.map(e => e instanceof Error ? e.stack : String(e)).join("\n\n") // game.saveConfig("update_first_log", stacktraces); - if(confirm(`扩展加载出错!是否重新载入游戏?\n本次更新可能导致了扩展出现了错误:\n\n${stacktraces}`)){ + if (confirm(`扩展加载出错!是否重新载入游戏?\n本次更新可能导致了扩展出现了错误:\n\n${stacktraces}`)) { game.reload(); clearTimeout(resetGameTimeout); return; @@ -1021,137 +1022,141 @@ async function setOnError() { window.onerror = function (msg, src, line, column, err) { if (promiseErrorHandler.onErrorPrepare) promiseErrorHandler.onErrorPrepare(); - const winPath = window.__dirname - ? "file:///" + (__dirname.replace(new RegExp("\\\\", "g"), "/") + "/") - : ""; - let str = `错误文件: ${ - typeof src == "string" - ? decodeURI(src).replace(lib.assetURL, "").replace(winPath, "") - : "未知文件" - }`; - str += `\n错误信息: ${msg}`; - const tip = lib.getErrorTip(msg); - if (tip) str += `\n错误提示: ${tip}`; - str += `\n行号: ${line}`; - str += `\n列号: ${column}`; - const version = typeof lib.version != "undefined" ? lib.version : ""; - const reg = /[^\d.]/; - const match = version.match(reg) != null; - str += "\n" + `${match ? "游戏" : "无名杀"}版本: ${version || "未知版本"}`; - if (match) - str += - "\n⚠️您使用的游戏代码不是源于libccy/noname无名杀官方仓库,请自行寻找您所使用的游戏版本开发者反馈!"; - if (_status && _status.event) { - let evt = _status.event; - str += `\nevent.name: ${evt.name}\nevent.step: ${evt.step}`; - // @ts-ignore - if (evt.parent) - str += `\nevent.parent.name: ${evt.parent.name}\nevent.parent.step: ${evt.parent.step}`; - // @ts-ignore - if (evt.parent && evt.parent.parent) - str += `\nevent.parent.parent.name: ${evt.parent.parent.name}\nevent.parent.parent.step: ${evt.parent.parent.step}`; - if (evt.player || evt.target || evt.source || evt.skill || evt.card) { - str += "\n-------------"; - } - if (evt.player) { - if (lib.translate[evt.player.name]) - str += `\nplayer: ${lib.translate[evt.player.name]}[${evt.player.name}]`; - else str += "\nplayer: " + evt.player.name; - let distance = get.distance(_status.roundStart, evt.player, "absolute"); - if (distance != Infinity) { - str += `\n座位号: ${distance + 1}`; + const errorReporter = ErrorManager.getErrorReporter(err); + if (errorReporter) game.print(errorReporter.report("沙盒内部执行的代码出现错误")); + else { + const winPath = window.__dirname + ? "file:///" + (__dirname.replace(new RegExp("\\\\", "g"), "/") + "/") + : ""; + let str = `错误文件: ${ + typeof src == "string" + ? decodeURI(src).replace(lib.assetURL, "").replace(winPath, "") + : "未知文件" + }`; + str += `\n错误信息: ${msg}`; + const tip = lib.getErrorTip(msg); + if (tip) str += `\n错误提示: ${tip}`; + str += `\n行号: ${line}`; + str += `\n列号: ${column}`; + const version = typeof lib.version != "undefined" ? lib.version : ""; + const reg = /[^\d.]/; + const match = version.match(reg) != null; + str += "\n" + `${match ? "游戏" : "无名杀"}版本: ${version || "未知版本"}`; + if (match) + str += + "\n⚠️您使用的游戏代码不是源于libccy/noname无名杀官方仓库,请自行寻找您所使用的游戏版本开发者反馈!"; + if (_status && _status.event) { + let evt = _status.event; + str += `\nevent.name: ${evt.name}\nevent.step: ${evt.step}`; + // @ts-ignore + if (evt.parent) + str += `\nevent.parent.name: ${evt.parent.name}\nevent.parent.step: ${evt.parent.step}`; + // @ts-ignore + if (evt.parent && evt.parent.parent) + str += `\nevent.parent.parent.name: ${evt.parent.parent.name}\nevent.parent.parent.step: ${evt.parent.parent.step}`; + if (evt.player || evt.target || evt.source || evt.skill || evt.card) { + str += "\n-------------"; + } + if (evt.player) { + if (lib.translate[evt.player.name]) + str += `\nplayer: ${lib.translate[evt.player.name]}[${evt.player.name}]`; + else str += "\nplayer: " + evt.player.name; + let distance = get.distance(_status.roundStart, evt.player, "absolute"); + if (distance != Infinity) { + str += `\n座位号: ${distance + 1}`; + } + } + if (evt.target) { + if (lib.translate[evt.target.name]) + str += `\ntarget: ${lib.translate[evt.target.name]}[${evt.target.name}]`; + else str += "\ntarget: " + evt.target.name; + } + if (evt.source) { + if (lib.translate[evt.source.name]) + str += `\nsource: ${lib.translate[evt.source.name]}[${evt.source.name}]`; + else str += "\nsource: " + evt.source.name; + } + if (evt.skill) { + if (lib.translate[evt.skill]) str += `\nskill: ${lib.translate[evt.skill]}[${evt.skill}]`; + else str += "\nskill: " + evt.skill; + } + if (evt.card) { + if (lib.translate[evt.card.name]) + str += `\ncard: ${lib.translate[evt.card.name]}[${evt.card.name}]`; + else str += "\ncard: " + evt.card.name; } } - if (evt.target) { - if (lib.translate[evt.target.name]) - str += `\ntarget: ${lib.translate[evt.target.name]}[${evt.target.name}]`; - else str += "\ntarget: " + evt.target.name; - } - if (evt.source) { - if (lib.translate[evt.source.name]) - str += `\nsource: ${lib.translate[evt.source.name]}[${evt.source.name}]`; - else str += "\nsource: " + evt.source.name; - } - if (evt.skill) { - if (lib.translate[evt.skill]) str += `\nskill: ${lib.translate[evt.skill]}[${evt.skill}]`; - else str += "\nskill: " + evt.skill; - } - if (evt.card) { - if (lib.translate[evt.card.name]) - str += `\ncard: ${lib.translate[evt.card.name]}[${evt.card.name}]`; - else str += "\ncard: " + evt.card.name; - } - } - str += "\n-------------"; - if ( - typeof line == "number" && - (typeof Reflect.get(game, "readFile") == "function" || location.origin != "file://") - ) { - const createShowCode = function (lines) { - let showCode = ""; - if (lines.length >= 10) { - if (line > 4) { - for (let i = line - 5; i < line + 6 && i < lines.length; i++) { - showCode += `${i + 1}| ${line == i + 1 ? "⚠️" : ""}${lines[i]}\n`; + str += "\n-------------"; + if ( + typeof line == "number" && + (typeof Reflect.get(game, "readFile") == "function" || location.origin != "file://") + ) { + const createShowCode = function (lines) { + let showCode = ""; + if (lines.length >= 10) { + if (line > 4) { + for (let i = line - 5; i < line + 6 && i < lines.length; i++) { + showCode += `${i + 1}| ${line == i + 1 ? "⚠️" : ""}${lines[i]}\n`; + } + } else { + for (let i = 0; i < line + 6 && i < lines.length; i++) { + showCode += `${i + 1}| ${line == i + 1 ? "⚠️" : ""}${lines[i]}\n`; + } } } else { - for (let i = 0; i < line + 6 && i < lines.length; i++) { - showCode += `${i + 1}| ${line == i + 1 ? "⚠️" : ""}${lines[i]}\n`; + showCode = lines + .map((_line, i) => `${i + 1}| ${line == i + 1 ? "⚠️" : ""}${_line}\n`) + .toString(); + } + return showCode; + }; + //协议名须和html一致(网页端防跨域),且文件是js + if (typeof src == "string" && src.startsWith(location.protocol) && src.endsWith(".js")) { + //获取代码 + const codes = lib.init.reqSync( + "local:" + decodeURI(src).replace(lib.assetURL, "").replace(winPath, "") + ); + if (codes) { + const lines = codes.split("\n"); + str += "\n" + createShowCode(lines); + str += "\n-------------"; + } + } + //解析parsex里的content fun内容(通常是技能content) + // @ts-ignore + else if ( + err && + err.stack && + ["at Object.eval [as content]", "at Proxy.content"].some((str) => { + let stackSplit1 = err.stack.split("\n")[1]; + if (stackSplit1) { + return stackSplit1.trim().startsWith(str); } + return false; + }) + ) { + const codes = _status.event.content; + if (typeof codes == "function") { + const lines = codes.toString().split("\n"); + str += "\n" + createShowCode(lines); + str += "\n-------------"; } - } else { - showCode = lines - .map((_line, i) => `${i + 1}| ${line == i + 1 ? "⚠️" : ""}${_line}\n`) - .toString(); - } - return showCode; - }; - //协议名须和html一致(网页端防跨域),且文件是js - if (typeof src == "string" && src.startsWith(location.protocol) && src.endsWith(".js")) { - //获取代码 - const codes = lib.init.reqSync( - "local:" + decodeURI(src).replace(lib.assetURL, "").replace(winPath, "") - ); - if (codes) { - const lines = codes.split("\n"); - str += "\n" + createShowCode(lines); - str += "\n-------------"; - } - } - //解析parsex里的content fun内容(通常是技能content) - // @ts-ignore - else if ( - err && - err.stack && - ["at Object.eval [as content]", "at Proxy.content"].some((str) => { - let stackSplit1 = err.stack.split("\n")[1]; - if (stackSplit1) { - return stackSplit1.trim().startsWith(str); - } - return false; - }) - ) { - const codes = _status.event.content; - if (typeof codes == "function") { - const lines = codes.toString().split("\n"); - str += "\n" + createShowCode(lines); - str += "\n-------------"; } } + if (err && err.stack) + str += + "\n" + + decodeURI(err.stack) + .replace(new RegExp(lib.assetURL, "g"), "") + .replace(new RegExp(winPath, "g"), ""); + alert(str); + game.print(str); } - if (err && err.stack) - str += - "\n" + - decodeURI(err.stack) - .replace(new RegExp(lib.assetURL, "g"), "") - .replace(new RegExp(winPath, "g"), ""); - alert(str); Reflect.set(window, "ea", Array.from(arguments)); Reflect.set(window, "em", msg); Reflect.set(window, "el", line); Reflect.set(window, "ec", column); Reflect.set(window, "eo", err); - game.print(str); if (promiseErrorHandler.onErrorFinish) promiseErrorHandler.onErrorFinish(); // @ts-ignore if (!lib.config.errstop && (_status && _status.event && !(_status.event.content instanceof AsyncFunction))) { diff --git a/noname/util/error.js b/noname/util/error.js new file mode 100644 index 000000000..bf4b617d5 --- /dev/null +++ b/noname/util/error.js @@ -0,0 +1,244 @@ +class CodeSnippet { + /** @type {Array} */ + static #snippetStack = []; + + /** @type {string} */ + #code; + /** @type {number} */ + #erroff; + + /** + * ```plain + * 构造一个代码片段对象 + * + * 通过 `erroff` 指定在发生错误时,错误信息指出的行与实际代码行的偏移量 + * ``` + * @param {string} code + * @param {number} erroff + */ + constructor(code, erroff = 0) { + this.#code = String(code); + this.#erroff = parseInt(String(erroff)) || 0; + } + + /** @type {string} */ + get code() { + return this.#code; + } + + /** @type {Array} */ + get lines() { + return this.code.split(/\r?\n/); + } + + /** + * ```plain + * 给定错误行号来获取错误代码片段 + * ``` + * + * @param {number} lineno + * @returns {string} + */ + viewCode(lineno) { + if (!Number.isInteger(lineno)) + throw new TypeError("错误行号必须是一个整数"); + + const index = lineno - this.#erroff; + const lines = this.lines; + const width = String(index + 4).length; + + let codeView = ""; + + for (let i = index - 4; i < index + 5; i++) { + if (i < 0 || i >= lines.length) + continue; + + codeView += String(i + 1).padStart(width, "0"); + codeView += `|${i == index ? "⚠️" : " "}${lines[i]}\n`; + } + + return codeView; + } + + /** + * ```plain + * 获取当前代码片段 + * ``` + * + * @type {CodeSnippet} + */ + static get currentSnippet() { + if (!this.#snippetStack.length) + throw new Error("代码片段栈为空"); + + return this.#snippetStack[this.#snippetStack.length - 1]; + } + + /** + * ```plain + * 压入一个代码片段作为当前代码片段 + * ``` + * + * @param {CodeSnippet} snippet + */ + static pushSnippet(snippet) { + if (!(snippet instanceof CodeSnippet)) + throw new TypeError("参数必须是一个代码片段对象"); + + this.#snippetStack.push(snippet); + } + + /** + * ```plain + * 弹出当前代码片段 + * ``` + * + * @returns {CodeSnippet} + */ + static popSnippet() { + if (!this.#snippetStack.length) + throw new Error("代码片段栈为空"); + + // @ts-ignore // eslint好不智能哦 + return this.#snippetStack.pop(); + } +} + +class ErrorReporter { + static #topAlert = window.alert.bind(null); + static #errorLineNoPatterns = [ + /:(\d+):\d+\)/, + /at :(\d+):\d+/, + /eval:(\d+):\d+/, + /Function:(\d+):\d+/, + /:(\d+):\d+/, + ]; + + /** @type {CodeSnippet} */ + #snippet; + /** @type {string} */ + #message; + /** @type {string} */ + #stack; + + /** + * ```plain + * 构造一个错误报告对象 + * 以此来保存错误相关信息 + * ``` + * + * @param {Error} error + * @param {CodeSnippet} snippet + */ + constructor(error, snippet = CodeSnippet.currentSnippet) { + if (!("stack" in error)) + throw new TypeError("传入的对象不是一个错误对象"); + + this.#snippet = snippet; + this.#message = String(error); + this.#stack = String(error.stack); + } + + get message() { + return this.#message; + } + + get stack() { + return this.#stack; + } + + static #findLineNo = function (line) { + for (const pattern of ErrorReporter.#errorLineNoPatterns) { + const match = pattern.exec(line); + + if (match) + return parseInt(match[1]); + } + + return NaN; + } + + viewCode() { + const stack = this.#stack; + const line = stack.split("\n")[1]; + const lineno = ErrorReporter.#findLineNo(line); + + if (!isNaN(lineno)) + return this.#snippet.viewCode(lineno); + + return null; + } + + /** + * ```plain + * 向用户报告错误信息 + * ``` + * + * @param {string} title + * @returns {string} + */ + report(title) { + const codeView = this.viewCode() || "#没有代码预览#"; + let errorInfo = `${title}:\n\t${this.#message}\n`; + errorInfo += `----------\n${codeView.trim()}\n`; + errorInfo += `----------\n调用堆栈:\n${this.#stack}`; + ErrorReporter.#topAlert(errorInfo); + return errorInfo; + } + + /** + * ```plain + * 向用户报告错误信息 + * ``` + * + * @param {Error} error + * @param {string} title + */ + static reportError(error, title = "发生错误") { + new ErrorReporter(error).report(title); + } +} + +class ErrorManager { + /** @type {WeakMap} */ + static #errorReporters = new WeakMap(); + + /** + * ```plain + * 设置错误报告器 + * + * 在报告错误时可以从此处获取错误报告器来直接报告错误 + * ``` + * + * @param {Object} obj + * @param {ErrorReporter?} reporter + */ + static setErrorReporter(obj, reporter = null) { + if (obj !== Object(obj)) + throw new TypeError("参数必须是一个对象"); + if (!(reporter instanceof ErrorReporter)) + reporter = new ErrorReporter(obj); + if (ErrorManager.#errorReporters.has(obj)) + throw new Error("对象已存在错误报告器"); + + ErrorManager.#errorReporters.set(obj, reporter); + } + + /** + * ```plain + * 获取设置的错误报告器 + * ``` + * + * @param {Object} obj + * @returns {ErrorReporter?} + */ + static getErrorReporter(obj) { + return ErrorManager.#errorReporters.get(obj) || null; + } +} + +export { + CodeSnippet, + ErrorReporter, + ErrorManager, +}; \ No newline at end of file diff --git a/noname/util/initRealms.js b/noname/util/initRealms.js index 1701c176f..bfb5504c8 100644 --- a/noname/util/initRealms.js +++ b/noname/util/initRealms.js @@ -1,3 +1,5 @@ +import { CodeSnippet, ErrorReporter, ErrorManager } from "./error.js"; + // 方便开关确定沙盒的问题喵 // 当此处为true、debug模式为启用、设备非苹果时,沙盒生效 let SANDBOX_ENABLED = true; @@ -77,7 +79,7 @@ async function initializeSandboxRealms(enabled) { }, }); - // 传递顶级变量域、上下文执行器 + // 传递顶级变量域、上下文执行器、错误管理器 // @ts-ignore iframe.contentWindow.replacedGlobal = window; // @ts-ignore @@ -86,6 +88,8 @@ async function initializeSandboxRealms(enabled) { iframe.contentWindow.replacedCI2 = ContextInvoker2; // @ts-ignore iframe.contentWindow.replacedCIC = ContextInvokerCreator; + // @ts-ignore + iframe.contentWindow.replacedErrors = { CodeSnippet, ErrorReporter, ErrorManager }; // 重新以新的变量域载入当前脚本 const script = iframe.contentWindow.document.createElement("script"); diff --git a/noname/util/sandbox.js b/noname/util/sandbox.js index 148259267..d6ef55ee7 100644 --- a/noname/util/sandbox.js +++ b/noname/util/sandbox.js @@ -41,6 +41,13 @@ const SandboxSignal_ListMonitor = Symbol("ListMonitor"); const SandboxSignal_ExposeInfo = Symbol("ExposeInfo"); const SandboxSignal_TryFunctionRefs = Symbol("TryFunctionRefs"); +/** @type {typeof import("./error.js").CodeSnippet} */ +let CodeSnippet; +/** @type {typeof import("./error.js").ErrorReporter} */ +let ErrorReporter; +/** @type {typeof import("./error.js").ErrorManager} */ +let ErrorManager; + // 用于适配 < Chrome 84 的设备 const WeakRef = window.WeakRef || class WeakRef { /** @@ -2306,12 +2313,25 @@ class Marshal { if (mappedCtor) { const newError = new mappedCtor(); - const stack = String(target.stack); + const stack = (function () { + try { + return String(target.stack); + } catch (e) { + return "无法获取错误"; + } + })(); + Reflect.defineProperty(newError, 'stack', { get: () => () => stack, set: () => { }, configurable: false, }); + + // 继承原本的错误信息 + const errorReporter = ErrorManager.getErrorReporter(target); + if (errorReporter) + ErrorManager.setErrorReporter(newError, errorReporter); + return newError; } } @@ -2866,7 +2886,7 @@ class Domain { * 检查对象是否来自于当前的运行域 * ``` * - * @param {Object} obj + * @param {Object?} obj * @returns {boolean} */ isFrom(obj) { @@ -2885,7 +2905,7 @@ class Domain { * 检查对象是否来自于当前的运行域的Promise * ``` * - * @param {Promise} promise + * @param {Promise?} promise * @returns {boolean} */ isPromise(promise) { @@ -2902,7 +2922,7 @@ class Domain { * 检查对象是否来自于当前的运行域的Error * ``` * - * @param {Error} error + * @param {Error?} error * @returns {boolean} */ isError(error) { @@ -2919,7 +2939,7 @@ class Domain { * 检查对象是否来自于当前的运行域的危险对象 * ``` * - * @param {Object} obj + * @param {Object?} obj * @returns {boolean} */ isUnsafe(obj) { @@ -3582,6 +3602,7 @@ class Sandbox { let wrappedEval; const raw = new thiz.#domainFunction("_", `with(_){with(window){with(${contextName}){return(${applyName}(function(${parameters}){"use strict";\n// 沙盒代码起始\n${code}\n// 沙盒代码结束\n},${contextName}.this,${argsName}))}}}`); + const snippet = new CodeSnippet(code, 5); // 错误信息的行号从 5 开始 (即错误信息的前 5 行是不属于 `code` 的范围) const domain = thiz.#domain; const domainWindow = thiz.#domainWindow; @@ -3637,6 +3658,8 @@ class Sandbox { // 指定执行域 // 方便后续新的函数来继承 Sandbox.#executingScope.push(scope); + // 指定当前的代码片段 + CodeSnippet.pushSnippet(snippet); try { // 传递 `this`、以及函数参数 @@ -3652,27 +3675,17 @@ class Sandbox { // 封送返回结果 return Marshal[SandboxExposer2] (SandboxSignal_Marshal, result, prevDomain); - // } catch (e) { - // // 立即报告错误 - // const window = Domain.topDomain[SandboxExposer](SandboxSignal_GetWindow); - // // @ts-ignore - // const stack = String(e.stack); - // const line = stack.split("\n")[1]; - // const match = /:(\d+):\d+\)/.exec(line); - // if (match) { - // const index = parseInt(match[1]) - 5; - // const lines = code.split("\n"); - // let codeView = ""; - // for (let i = index - 4; i < index + 5; i++) { - // if (i < 0 || i >= lines.length) - // continue; - // codeView += `${i + 1}|${i == index ? "⚠️" : " "}${lines[i]}\n`; - // } - // // @ts-ignore - // window.alert(`Sandbox内执行的代码出现错误:\n${stack}\n----------\n${codeView}\n----------`); - // } - // throw e; // 不再向上抛出异常 + } catch (e) { + // @ts-ignore + if (!domain.isError(e)) + throw e; // 非错误对象无法读取堆栈,继续向上抛出 + + // 保存当前错误信息 + // 这样无论几次重抛都可以复现最原始的错误信息 + ErrorManager.setErrorReporter(e); + throw e; // 继续向上抛出(由于JS不支持rethrow只能这样喵) } finally { + CodeSnippet.popSnippet(); Sandbox.#executingScope.pop(); } }; @@ -3974,6 +3987,16 @@ if (SANDBOX_ENABLED) { // 改为此处初始化,防止多次初始化 Domain[SandboxExposer2](SandboxSignal_InitDomain); + // 获取顶级域的错误管理器 + // @ts-ignore + ({ + CodeSnippet, + ErrorReporter, + ErrorManager, + } + // @ts-ignore + = window.replacedErrors); + // 向顶级运行域暴露导出 // @ts-ignore window.SANDBOX_EXPORT = { From 03623695006798e52b6d732a09543920e6401e0f Mon Sep 17 00:00:00 2001 From: IceCola <739201322@qq.com> Date: Fri, 7 Jun 2024 23:04:26 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E5=85=81=E8=AE=B8=E9=94=99=E8=AF=AF?= =?UTF-8?q?=E5=8F=8D=E5=A4=8D=E6=8A=9B=E5=87=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- noname/util/error.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/noname/util/error.js b/noname/util/error.js index bf4b617d5..ce47a222a 100644 --- a/noname/util/error.js +++ b/noname/util/error.js @@ -218,8 +218,6 @@ class ErrorManager { throw new TypeError("参数必须是一个对象"); if (!(reporter instanceof ErrorReporter)) reporter = new ErrorReporter(obj); - if (ErrorManager.#errorReporters.has(obj)) - throw new Error("对象已存在错误报告器"); ErrorManager.#errorReporters.set(obj, reporter); } From fc828840481531122b64132f7ef99e1e4729cc9b Mon Sep 17 00:00:00 2001 From: IceCola <739201322@qq.com> Date: Sat, 8 Jun 2024 23:38:31 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E5=85=81=E8=AE=B8=E6=B2=99=E7=9B=92?= =?UTF-8?q?=E6=9A=B4=E9=9C=B2=E5=9F=BA=E7=A1=80=E7=9A=84dom=E7=B1=BB?= =?UTF-8?q?=E5=9E=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- noname/util/error.js | 11 ++-- noname/util/initRealms.js | 2 + noname/util/sandbox.js | 109 +++++++++++++++++++++++++++++++++----- noname/util/security.js | 1 + 4 files changed, 105 insertions(+), 18 deletions(-) diff --git a/noname/util/error.js b/noname/util/error.js index ce47a222a..fb5d1b775 100644 --- a/noname/util/error.js +++ b/noname/util/error.js @@ -65,11 +65,11 @@ class CodeSnippet { * 获取当前代码片段 * ``` * - * @type {CodeSnippet} + * @type {CodeSnippet?} */ static get currentSnippet() { if (!this.#snippetStack.length) - throw new Error("代码片段栈为空"); + return null; return this.#snippetStack[this.#snippetStack.length - 1]; } @@ -114,7 +114,7 @@ class ErrorReporter { /:(\d+):\d+/, ]; - /** @type {CodeSnippet} */ + /** @type {CodeSnippet?} */ #snippet; /** @type {string} */ #message; @@ -128,7 +128,7 @@ class ErrorReporter { * ``` * * @param {Error} error - * @param {CodeSnippet} snippet + * @param {CodeSnippet?} snippet */ constructor(error, snippet = CodeSnippet.currentSnippet) { if (!("stack" in error)) @@ -159,6 +159,9 @@ class ErrorReporter { } viewCode() { + if(!this.#snippet) + return null; + const stack = this.#stack; const line = stack.split("\n")[1]; const lineno = ErrorReporter.#findLineNo(line); diff --git a/noname/util/initRealms.js b/noname/util/initRealms.js index bfb5504c8..6f912f8a6 100644 --- a/noname/util/initRealms.js +++ b/noname/util/initRealms.js @@ -111,6 +111,8 @@ async function initializeSandboxRealms(enabled) { delete iframe.contentWindow.replacedCI2; // @ts-ignore delete iframe.contentWindow.replacedCIC; + // @ts-ignore + delete iframe.contentWindow.replacedErrors; // @ts-ignore Object.assign(SANDBOX_EXPORT, iframe.contentWindow.SANDBOX_EXPORT); diff --git a/noname/util/sandbox.js b/noname/util/sandbox.js index d6ef55ee7..b1f10d54a 100644 --- a/noname/util/sandbox.js +++ b/noname/util/sandbox.js @@ -2247,8 +2247,7 @@ class Marshal { if (descriptor && descriptor.value && !descriptor.enumerable - && !descriptor.configurable - && descriptor.value.constructor === src) + && !descriptor.configurable) cloned = function () { }; else cloned = () => { }; @@ -2313,24 +2312,38 @@ class Marshal { if (mappedCtor) { const newError = new mappedCtor(); - const stack = (function () { + const silentAccess = (o, p, d) => { try { - return String(target.stack); + if (typeof p == "function") + return p(o); + else + return o[p]; } catch (e) { - return "无法获取错误"; + return d; } - })(); + }; + const pinValue = (o, p, v) => { + Reflect.defineProperty(o, p, { + get: () => v, + set: () => { }, + configurable: false, + }); + }; - Reflect.defineProperty(newError, 'stack', { - get: () => () => stack, - set: () => { }, - configurable: false, - }); + const name = String(silentAccess(target, "name", "#无法获取错误名#")); + const message = String(silentAccess(target, "message", "#无法获取错误消息#")); + const stack = String(silentAccess(target, "stack", "#无法获取调用栈#")); + const string = silentAccess(target, String, "#无法获取错误信息#"); + + pinValue(newError, "name", name); + pinValue(newError, "message", message); + pinValue(newError, "stack", stack); + pinValue(newError, "toString", () => string); // 继承原本的错误信息 const errorReporter = ErrorManager.getErrorReporter(target); - if (errorReporter) - ErrorManager.setErrorReporter(newError, errorReporter); + ErrorManager.setErrorReporter(newError, + errorReporter || new ErrorReporter(target)); // 无论有没有都捕获当前的错误信息 return newError; } @@ -3164,6 +3177,10 @@ function trapMarshal(srcDomain, dstDomain, obj) { * ``` */ class Sandbox { + // @ts-ignore + static #topWindow = window.replacedGlobal || window; + // @ts-ignore + static #topWindowHTMLElement = (window.replacedGlobal || window).HTMLElement; /** @type {WeakMap} */ static #domainMap = new WeakMap(); /** @type {Array} */ @@ -3204,6 +3221,20 @@ class Sandbox { */ #freeAccess = false; + /** + * ```plain + * 当在当前scope中访问不到变量时, + * 是否允许沙盒代码可以穿透到顶级域的全局变量域中 + * 去读取DOM类型的构造函数(仅读取) + * (包括Image、Audio等) + * + * 此开关有风险,请谨慎使用 + * ``` + * + * @type {boolean} + */ + #domAccess = false; + /** * 创建一个新的沙盒 */ @@ -3441,6 +3472,40 @@ class Sandbox { this.#freeAccess = !!value; } + /** + * ```plain + * 当在当前scope中访问不到变量时, + * 是否允许沙盒代码可以穿透到顶级域的全局变量域中 + * 去读取DOM类型的构造函数(仅读取) + * (包括Image、Audio等) + * + * 此开关有风险,请谨慎使用 + * ``` + * + * @type {boolean} + */ + get domAccess() { + Sandbox.#assertOperator(this); + return this.#domAccess; + } + + /** + * ```plain + * 当在当前scope中访问不到变量时, + * 是否允许沙盒代码可以穿透到顶级域的全局变量域中 + * 去读取DOM类型的构造函数(仅读取) + * (包括Image、Audio等) + * + * 此开关有风险,请谨慎使用 + * ``` + * + * @type {boolean} + */ + set domAccess(value) { + Sandbox.#assertOperator(this); + this.#domAccess = !!value; + } + /** * ```plain * 向当前域注入内建对象 @@ -3800,10 +3865,18 @@ class Sandbox { // 暴露非内建的顶级全局变量 if (thiz.#freeAccess && !Globals.isBuiltinKey(p)) { - const topWindow = Domain.topDomain[SandboxExposer](SandboxSignal_GetWindow); + const topWindow = Sandbox.#topWindow; if (p in topWindow) return trapMarshal(Domain.topDomain, thiz.#domain, topWindow[p]); + } else if (thiz.#domAccess) { + const topWindow = Sandbox.#topWindow; + const accessTarget = topWindow[p]; + + if (typeof accessTarget == "function" + && "prototype" in accessTarget + && accessTarget.prototype instanceof Sandbox.#topWindowHTMLElement) + return trapMarshal(Domain.topDomain, thiz.#domain, accessTarget); } return undefined; @@ -3816,6 +3889,14 @@ class Sandbox { && !Globals.isBuiltinKey(p)) { const topWindow = Domain.topDomain[SandboxExposer](SandboxSignal_GetWindow); return p in topWindow; + } else if (thiz.#domAccess) { + const topWindow = Sandbox.#topWindow; + const accessTarget = topWindow[p]; + + if (typeof accessTarget == "function" + && "prototype" in accessTarget + && accessTarget.prototype instanceof Sandbox.#topWindowHTMLElement) + return true; } return false; diff --git a/noname/util/security.js b/noname/util/security.js index b24e4177e..ad07b8ac3 100644 --- a/noname/util/security.js +++ b/noname/util/security.js @@ -583,6 +583,7 @@ function createSandbox() { const box = new Sandbox(); box.freeAccess = true; + box.domAccess = true; box.initBuiltins(); // 向沙盒提供顶级运行域的文档对象