#971 assigned enhancement

"Humanized failures" should still have a traceback, hidden by default — at Version 6

Reported by: davidsarah Owned by: davidsarah
Priority: major Milestone: soon
Component: code-frontend-web Version: 1.6.0
Keywords: error privacy anonymity Cc: kpreid@…
Launchpad Bug:

Description (last modified by davidsarah)

Currently, failures that occur in a WUI operation (that is, a webapi operation with HTML output) go through humanize_failure in web/common.py, in order to produce a more informative error message. This is better in most cases than dumping an exception traceback, but sometimes you really do also want the traceback for debugging.

DHTML could be used to hide the traceback by default, like this:

<!doctype html>
<html>
  <head>
    <script type="text/javascript">
      function toggleDebug() {
        var el = document.getElementById('debug');
        show = el.style.display === 'none';
        el.style.display = show ? '' : 'none';
        document.getElementById('toggle').innerHTML =
          show ? 'Hide debugging information' : 'Show debugging information';
      }
      window.onload = toggleDebug;
    </script>
  </head>
<body>
  <p>
  <a id="toggle" onclick="toggleDebug();"
     style="text-decoration: none; border-bottom: 1px dashed #000000"></a>
  </p>
  <div id="debug"><p>Traceback</p></div>
</body>
</html>

A traceback can be obtained from a twisted.python.failure.Failure object using:

  from StringIO import StringIO
  sfile = StringIO()
  f.printTraceback(sfile)  # or printDetailedTraceback
  sfile.flush()
  ... sfile.getvalue() ...

Change History (6)

comment:1 Changed at 2010-02-25T02:48:56Z by davidsarah

  • Owner set to davidsarah
  • Status changed from new to assigned

comment:2 Changed at 2010-02-25T02:51:19Z by davidsarah

The humanize_failure link was supposed to be to web/common.py.

comment:3 Changed at 2010-02-25T03:58:33Z by kpreid

  • Cc kpreid@… added

innerHTML is currently non-standardized and has somewhat hairy semantics. Use DOM node manipulation instead, or put the two texts for the button in spans and toggle their visibility too.

var toggle = document.getElementById('toggle');
var node; while (node = toggle.firstChild) { toggle.removeChild(node); }
toggle.appendChild(document.createTextNode(show ? 'Hide debugging information' : 'Show debugging information'));

comment:4 Changed at 2010-02-25T04:47:39Z by davidsarah

Thanks, I was wondering how to do that without using innerHTML.

comment:5 Changed at 2010-03-29T00:44:37Z by davidsarah

  • Keywords privacy added

This ticket and #1008 are somewhat contradictory. See my argument in ticket:1008#comment:1 for why the information revealed by a traceback doesn't in practice tend to lead to confidentiality or privacy breaches.

comment:6 Changed at 2010-04-08T18:27:01Z by davidsarah

  • Description modified (diff)
Note: See TracTickets for help on using tickets.