ref(browser): Extract browser-specific normalize code into registerable util

[mydea]

Today, we have some browser-specific code in core that runs for all runtimes. Mainly this is around (browser) Event, which can have target and currentTarget defined which are HTML elements. We have some code in place handling this in a custom way.

This PR moves this code into browser-utils and changes it so this only runs in browser environments. There are two callsites:

1. extractExceptionKeysForMessage - this is easy because we can just use the browser-utils implementation in the browser package, and use an implementation without Event support in core.
2. normalize - this is harder because this is called from other core code, mainly prepareEvent.

To solve 2, this PR adds a addNormalizeUnpacker method that can be called to register a custom normalize unpacking function. So in core, nothing runs, while in browser this is called to register an additional unpacker for events.

[github-actions]

size-limit report 📦

Path	Size	% Change	Change
@sentry/browser	27.48 kB	+0.58%	+158 B 🔺
@sentry/browser - with treeshaking flags	25.89 kB	+0.62%	+157 B 🔺
@sentry/browser (incl. Tracing)	45.54 kB	+0.5%	+224 B 🔺
@sentry/browser (incl. Tracing + Span Streaming)	47.78 kB	+0.48%	+225 B 🔺
@sentry/browser (incl. Tracing, Profiling)	50.51 kB	+0.42%	+209 B 🔺
@sentry/browser (incl. Tracing, Replay)	85.16 kB	+0.29%	+240 B 🔺
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	74.59 kB	+0.23%	+168 B 🔺
@sentry/browser (incl. Tracing, Replay with Canvas)	89.86 kB	+0.26%	+228 B 🔺
@sentry/browser (incl. Tracing, Replay, Feedback)	102.47 kB	+0.22%	+222 B 🔺
@sentry/browser (incl. Feedback)	44.65 kB	+0.33%	+144 B 🔺
@sentry/browser (incl. sendFeedback)	32.29 kB	+0.49%	+157 B 🔺
@sentry/browser (incl. FeedbackAsync)	37.39 kB	+0.39%	+143 B 🔺
@sentry/browser (incl. Metrics)	28.56 kB	+0.56%	+158 B 🔺
@sentry/browser (incl. Logs)	28.8 kB	+0.57%	+162 B 🔺
@sentry/browser (incl. Metrics & Logs)	29.48 kB	+0.49%	+142 B 🔺
@sentry/react	29.2 kB	+0.49%	+141 B 🔺
@sentry/react (incl. Tracing)	47.71 kB	+0.34%	+161 B 🔺
@sentry/vue	32.44 kB	+0.63%	+200 B 🔺
@sentry/vue (incl. Tracing)	47.4 kB	+0.49%	+230 B 🔺
@sentry/svelte	27.49 kB	+0.53%	+143 B 🔺
CDN Bundle	29.87 kB	+0.49%	+144 B 🔺
CDN Bundle (incl. Tracing)	48.23 kB	+0.82%	+389 B 🔺
CDN Bundle (incl. Logs, Metrics)	31.32 kB	+0.36%	+110 B 🔺
CDN Bundle (incl. Tracing, Logs, Metrics)	49.42 kB	+0.68%	+330 B 🔺
CDN Bundle (incl. Replay, Logs, Metrics)	70.69 kB	+0.23%	+157 B 🔺
CDN Bundle (incl. Tracing, Replay)	85.58 kB	+0.29%	+242 B 🔺
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	86.77 kB	+0.33%	+277 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback)	91.38 kB	+0.2%	+174 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	92.58 kB	+0.23%	+205 B 🔺
CDN Bundle - uncompressed	88.36 kB	+0.64%	+558 B 🔺
CDN Bundle (incl. Tracing) - uncompressed	144.87 kB	+0.41%	+579 B 🔺
CDN Bundle (incl. Logs, Metrics) - uncompressed	92.85 kB	+0.61%	+556 B 🔺
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	148.63 kB	+0.4%	+579 B 🔺
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	217.58 kB	+0.26%	+558 B 🔺
CDN Bundle (incl. Tracing, Replay) - uncompressed	263.66 kB	+0.23%	+585 B 🔺
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	267.4 kB	+0.22%	+585 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	277.35 kB	+0.21%	+580 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	281.08 kB	+0.21%	+580 B 🔺
@sentry/nextjs (client)	50.22 kB	+0.38%	+187 B 🔺
@sentry/sveltekit (client)	46 kB	+0.45%	+202 B 🔺
@sentry/core/server	76.05 kB	-0.56%	-427 B 🔽
@sentry/core/browser	63.21 kB	-0.04%	-20 B 🔽
@sentry/node-core	62.13 kB	-0.74%	-457 B 🔽
@sentry/node	130.63 kB	-0.37%	-477 B 🔽
@sentry/node - without tracing	74.55 kB	-0.63%	-467 B 🔽
@sentry/aws-serverless	86.79 kB	-0.52%	-452 B 🔽
@sentry/cloudflare (withSentry) - minified	172.13 kB	-0.8%	-1.38 kB 🔽
@sentry/cloudflare (withSentry)	430.58 kB	-0.68%	-2.94 kB 🔽

View base workflow run

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit fbe2a21. Configure here.}

[cursor]

safeJoin with normalize breaks Error and null/undefined stringification

High Severity

Replacing String(value) with normalize(value) in safeJoin causes normalize to return non-string types (objects, null, undefined) that are then passed to .join(). For Error objects, normalize returns {message, name, stack} which .join() renders as "[object Object]" instead of "Error: message". For null/undefined, .join() produces empty strings instead of "null"/"undefined". This degrades console breadcrumb messages in the browser SDK where safeJoin(handlerData.args, ' ') is used directly without pre-filtering Errors.

Additional Locations (1)

• packages/core/src/utils/string.ts#L80-L81

 

^{Reviewed by Cursor Bugbot for commit fbe2a21. Configure here.}

[cursor]

Falsy detail values dropped from CustomEvent serialization

Low Severity

The spread ...(detail ? { detail } : {}) drops valid falsy detail values (like 0, "", or false) from CustomEvents. The previous implementation always included detail for CustomEvent instances regardless of truthiness. Since detail is a prototype getter (not an own property), it won't be recovered by the ...getOwnProperties(value) spread either.

 

^{Reviewed by Cursor Bugbot for commit fbe2a21. Configure here.}