Error Handling, Logging, and Alerting
Learn why we should never expose stack traces to our users and instead use secure source maps, access-controlled error logging, and alerting services.
We'll cover the following
Stack traces
Error handling that reveals overly informative error messages to users, including stack traces, is a vulnerability that falls under the Security Misconfiguration OWASP category, currently ranked in the fifth position on the OWASP Top Ten. A stack trace is simply a list of the functions that were called in order that led to a certain line in an application. Stack traces are an essential aspect of debugging, but they can often reveal useful information to attackers as well.
Client-side stack traces
Stack traces are especially informative when determining why an error occurred on a specific line of code because they reveal the sequence of events that led up to the failure. We can also use console.trace to manually log a stack trace.
Keep in mind, it’s best practice to avoid using methods on the console object in client-side production code altogether. Use them locally or in testing environments while debugging only. We can use an ESLint rule to ensure that console methods are stripped before reaching production. This rule does not apply to server-side JavaScript because console is often used to output information to users and is not strictly for debugging purposes.
Get hands-on with 1200+ tech skills courses.