2

So in my website, I use jquery to fetch data through ajax. AS part of the ajax response, some of the javascript code comes as well which is executed. The problem is how to debug this javascript in firebug or other tools. This is my experience so far:

  • putting debugger; doesn't work
  • For some javascript, can't set the breakpoint as that script is not yet loaded.
  • even if this new javascript calls some other function thats already loaded (i.e. i can see it in firebug and set a breakpoint), that breakpoint on that function is still not triggered

However, the javascript does executes normally and even things like console.log works but cant seem to debug it..

user133371
  • 323
  • 2
  • 6
  • 18
  • This sounds to me as a bad design decision taken: with due respect, I don't think you should send your code as a response to an `XMLHttpRequest` (and using `eval` or the Function constructor to execute that code). – Marcel Korpel Jan 17 '11 at 19:30
  • I would also tell that it sounds more like wrong design decision.. Could you tell us more why do you load that script together with data? There simple should be another solution, which will be good supported, and easy to debug – Maxym Jan 17 '11 at 19:49
  • in the response, i have code like $(document).ready(function{..}), so instead of executing code in the success handler of the ajax call, i send the javascript as part of the response to accomplish certain task..dont see whats wrong with this approach? – user133371 Jan 17 '11 at 20:51
  • 2
    It's a huge security risk, it's slow to evaluate code at run time and (as you can see) gives problems with debugging. You'd better define that code statically and let the callback handler run that function, instead of sending it as part of the response. – Marcel Korpel Jan 17 '11 at 22:16
  • thanks Marcel for the comments. I understand your other points. But just curious, how is this a security risk? – user133371 Jan 18 '11 at 15:17
  • interesting discussion:http://stackoverflow.com/questions/4727900/when-to-choose-javascript-injection-from-code-behind-over-external-js-file – user133371 Jan 18 '11 at 20:41
  • 2
    Because some attacker might change the code that gets send dynamically (e.g., by changing the code that's stored and steal cookies and perform malicious tasks from within other users' accounts). It's way harder to change a static file on your (client's) server. – Marcel Korpel Jan 18 '11 at 21:25

2 Answers2

5

If you use Google Chrome, check out the answer of this question: https://stackoverflow.com/a/10929430/482916

You need to add in the ajax-loaded JS scripts the following comment:

//@ sourceURL=dynamicScript.js

where dynamicScript.js is the name of the script which will come up in the console.

Community
  • 1
  • 1
gmoz22
  • 1,247
  • 11
  • 17
2

I know Firebug and the IE developer tools will respect the debugger statement. So I would throw that onto the top of the response.

debugger;

func1();
func2();
ChaosPandion
  • 77,506
  • 18
  • 119
  • 157
  • unfortunately debugger; statement doesnt work in this scenario i.e where javascript is executed as part of ajax response – user133371 Jan 17 '11 at 20:49