[browsers] Impossible to observe unhandled rejection from within a sandbox #66

@caridy

In browsers, the HostPromiseRejectionTracker depends on the identity of the Promise Intrinsic Object, which means there is no way to capture unhandled rejections produced by the Promise inside the sandbox, e.g.:

    const iframe = document.createElement('iframe');
    document.body.appendChild(iframe);
    const { contentWindow: { eval: iframeEval } } = iframe;
    // adding listeners
    window.addEventListener('error', e => console.error('onerror in outer window', e));
    window.addEventListener('unhandledrejection', e => console.error('captured onunhandledrejection in outer window with reason: ', e.reason));
    iframeEval(`
        window.addEventListener('error', e => console.error('onerror in iframe', e));
        window.addEventListener('unhandledrejection', e => console.error('captured onunhandledrejection in iframe with reason: ', e.reason));
    `);
    // trying Promise intrinsic object from iframe:
    iframeEval(`
        new Promise((resolve, reject) => {
            reject('rejection Promise intrinsic from iframe');
        });
    `);
    // trying Promise intrinsic object from outer realm:
    iframeEval(`
        new top.Promise((resolve, reject) => {
            reject('rejection Promise intrinsic from outer realm');
        });
    `);

From within the sandbox, when you do window.addEventListener('unhandledrejection'), you are observing unhandled rejections from the outer realm, but that doesn't include the unhandled rejections from within the sandbox.

This seems to be a problem to be solved; it is not a security/leaking problem, but a capability problem.
