I'm currently building a script for debug tools, which is binding the console to a virtual console in the DOM. In other words, it injects every log, error, etc. into the DOM, even system’s.

While testing this in Kobo Android, got access to app’s logs (two last lines in the screenshot).

“Why reporting this” you may ask… Depends on what you're logging, obviously, but could also turn into a security issue if some critical data is “console.logged”.

Thanks @JayPanoz we've looked into it and this is not a significant security issue but we will likely remove it from a future release regardless.

👍

I'd found nothing “critical” but prevention is better than cure, obviously.