Edbrowse crashes when opening "Creator Studio" or "Video Manager"

[OParczyk]

Hi! I know that this particular use case might lie outside of edbrowse's scope, but I don't know what causes this crash and it might well be something that happens on other pages too.

Steps to reproduce: activate JavaScript (for google too, as you'll need to login using google, see #60 ) e https://youtube.com login using

Frame {signin-passive}

you won't get redirected to YouTube afterwards, so e https://youtube.com again.

then go to "My channel" (or similar) then try to open either "Creator Studio" or "Video Manager" (or similar) edbrowse will fetch the page and quit, only displaying "aborted."

Happy new Year, Oliver Parczyk

[OParczyk]

Just tried it using db3, although I fail to see anything that looks crash-inducing in there, maybe it helps:

44g2 *https://www.youtube.com/my_videos content text/html; charset=utf-8 http code 303 redirect https://www.youtube.com/my_videos?o=U content text/html; charset=utf-8 http code 200 text type is utf8 setting utf8 mode 200870 create js context 2 an input item is not part of a fill-out form a button does not have a name an input item is not part of a fill-out form an input item does not have a name an input item does not have a name an input item does not have a name an input item does not have a name an input item does not have a name an input item does not have a name an input item is not part of a fill-out form an input item is not part of a fill-out form js source https://www.youtube.com/yts/jsbin/scheduler-vflhhjgiX/scheduler.js jsbg thread 7 css source https://www.youtube.com/yts/cssbin/www-core-vflRlRixQ.css content text/javascript thread 7 http code 200 from cache content text/css http code 200 from cache css source https://www.youtube.com/yts/cssbin/player-vfldpV8mM/www-player.css content text/css http code 200 from cache css source https://www.youtube.com/yts/cssbin/www-pageframe-vfldKQBmr.css content text/css http code 200 from cache js source https://www.youtube.com/yts/jslib/angular.min-vflQbF7W6.js jsbg thread 8 css source https://www.youtube.com/yts/cssbin/www-creatorpage-vflfgomxn.css content text/javascript content text/css http code 200 from cache css source https://www.youtube.com/yts/cssbin/www-videomanager-vflc4NBus.css thread 8 http code 200 into cache content text/css http code 200 from cache Abort $

[OParczyk]

Last lines of db9 (is there a table regarding db-levels>3?):

> has href < true > has href < 5 > function markAttribute < ok > has onclick < true > has onclick < 0 > set onclick=return yt.www.feedback.start(59, { Aborted.

[eklhad]

Table of db levels is in README.

I would guess, based on your db output, that this line in an html file would cause an abort for the same reason.

The compilation of the handler is not done in a protected mode so a syntax error would cause duktape to crash. I need to fix this one obviously, and hope that my guess is right and it embrases your bug as well. Karl Dahlke

[eklhad]

Latest push. It fixes my problem; might fix yours. But there's a deeper problem somewhere. You might want to run at db3 and maybe dbev to confirm, it should print out a syntax error on the onclick handler and the source code so we can see. There shouldn't be any of these syntax errors on real websites, but you never know. By the way, I don't think you ever want to go past db5, it gets pretty crazy.

Karl Dahlke

[OParczyk]

Thank you! Now loading the page doesn't cause a crash anymore:

db3 44g2 *https://www.youtube.com/my_videos content text/html; charset=utf-8 http code 303 redirect https://www.youtube.com/my_videos?o=U content text/html; charset=utf-8 http code 200 text type is utf8 setting utf8 mode 200844 create js context 2 an input item is not part of a fill-out form a button does not have a name an input item is not part of a fill-out form an input item does not have a name an input item does not have a name an input item does not have a name an input item does not have a name an input item does not have a name an input item does not have a name an input item is not part of a fill-out form an input item is not part of a fill-out form js source https://www.youtube.com/yts/jsbin/scheduler-vflhhjgiX/scheduler.js jsbg thread 7 css source https://www.youtube.com/yts/cssbin/www-core-vflRlRixQ.css content text/javascript thread 7 http code 200 from cache content text/css http code 200 from cache css source https://www.youtube.com/yts/cssbin/player-vfldpV8mM/www-player.css content text/css http code 200 from cache css source https://www.youtube.com/yts/cssbin/www-pageframe-vfldKQBmr.css content text/css http code 200 from cache js source https://www.youtube.com/yts/jslib/angular.min-vflQbF7W6.js jsbg thread 8 css source https://www.youtube.com/yts/cssbin/www-creatorpage-vflfgomxn.css content text/javascript thread 8 http code 200 content text/cssfrom cache http code 200 from cache css source https://www.youtube.com/yts/cssbin/www-videomanager-vflc4NBus.css content text/css http code 200 http code 200 into cache handler syntax error <return yt.www.feedback.start(59, {> js source https://www.youtube.com/yts/jsbin/spf-vflqCgDoF/spf.js jsbg thread 9 js source https://www.youtube.com/yts/jsbin/www-en_US-vflgucLXk/base.js jsbg thread 10 js source https://www.youtube.com/yts/jsbin/www-videomanager-vfl2euKYU/www-videomanager.js jsbg thread 11 js source https://www.youtube.com/yts/jsbin/www-localdatetime-vflVMZz3j/www-localdatetime.js jsbg thread 12 js source https://www.google.com/insights/consumersurveys/async_survey?site=jb25dvgc6hgrgaqajuzzko6rni jsbg thread 13 js source https://www.youtube.com/yts/jsbin/www-creator_url_param_fixer-vflUtZpQz/www-creator_url_param_fixer.js jsbg thread 14 exec eb$qs$start 7721 selectors + rules: 1 no rules, 4 bad rule attribute, 160 dynamic, 46 :unsupported, 4 @ empty, 15 @ not media, 3 @ bad media 243 css assignments exec complete exec my_videos at 2 exec complete exec my_videos at 2 my_videos line 3: TypeError: cannot read property 'responseStart' of undefined exec complete exec my_videos at 2 exec complete exec my_videos at 2 exec complete exec my_videos at 9 exec complete exec scheduler.js at 1 exec complete exec angular.min-vflQbF7W6.js at 1 content text/javascript thread 9 http code 200 from cache content text/javascript thread 12 http code 200 into cache content text/javascript content text/javascript thread 10 http code 200 from cache content text/javascript thread 14 http code 200 into cache thread 11 http code 200 into cache content text/javascript; charset=utf-8 exec complete exec my_videos at 2655 exec complete exec spf.js at 1 thread 13 http code 200 exec complete exec base.js at 1 base.js line 752: Error: unsupported exec complete exec my_videos at 2658 exec complete exec my_videos at 2658 exec complete exec my_videos at 2658 my_videos line 2659: TypeError: undefined not callable (property 'setConfig' of [object Object]) exec complete exec www-videomanager.js at 1 www-videomanager.js line 62: Error: unsupported exec complete exec www-localdatetime.js at 1 exec complete exec my_videos at 2660 my_videos line 2661: TypeError: cannot read property 'subscribe' of undefined exec complete exec my_videos at 2671 my_videos line 2672: TypeError: undefined not callable (property 'setMsg' of [object Object]) exec complete exec my_videos at 2683 exec complete exec async_survey at 1 exec complete exec www-creator_url_param_fixer.js at 1 exec complete exec my_videos at 2684 my_videos line 2685: TypeError: undefined not callable (property 'setConfig' of [object Object]) exec complete js source https://www.google.com/insights/consumersurveys/static/423107045355020959/prompt_embed_static.js jsbg thread 15 content application/x-javascript thread 15 http code 200 into cache exec prompt_embed_static.js at 1 exec complete fire 6 endfire 6 fire 7 endfire 7 free and recompile css descriptors due to dom changes css complete 1411 js source https://adservice.google.de/adsid/integrator.js?domain=www.youtube.com js source https://adservice.google.com/adsid/integrator.js?domain=www.youtube.com jsbg thread 16 jsbg thread 17 content application/javascript; charset=iso-8859-1 content application/javascript; charset=iso-8859-1 thread 16 http code 200 thread 17 http code 200 exec integrator.js at 1 exec complete exec integrator.js at 1 exec complete js source https://www.google.com/insights/consumersurveys/gk/prompt?t=a&site=jb25dvgc6hgrgaqajuzzko6rni&sc=isAffiliate%3A%20false&random=1578054478363&ref=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCbfCNCu_vAdkn-8dL9ig5Xg&token=NT jsbg thread 18 content text/javascript; charset=utf-8 thread 18 http code 200 exec prompt at 1 exec complete

Opening Creator Studio now yields

javascript is opening a blank window

and thats it, at least at db3. at db4:

jSyncup starts jSyncup ends window r| javascript is opening a blank window jSideEffects starts jSideEffects ends rerender anchorSwap 29 anchors unframed whitespace combined

db5 already gets enormously huge, if necessary to paste, do you prefer any service or should I attach a .txt file if necessary?