We can expose a stack trace that led to anonymous script execution but I'm not sure how we can show this stack trace in UI.
Chris, WDYT?

The Network panel's initiator stack trace popup would seem like a good fit for this. When you hover over an initiator link in the Network panel, a popup appears showing a stack trace of where that resource was injected. This lets you both go straight to the injection site (clicking on the link) or any point leading up to where it was added (using the popup). See the first attached screenshot.

So where could this go? How about the footer of the editor? For VM files, add another component beside the line/column number, labelled "Injected from [source file]". "[Source file]" here would be the initiator link. Clicking on the link would open the source file (at the point of injection) in a new window. Hovering over the link would show the stack trace that lead to the injection. See the second attached screenshot.

Would this work?

Deleted: network-initiator-stack-trace.png 169 KB

	network-initiator-stack-trace.png 169 KB View Download

Deleted: b646849-inject-footer.png 139 KB

	b646849-inject-footer.png 139 KB View Download

This looks fantastic to me.

We are collecting the information of scripts which handles touch events, here is the patch https://codereview.chromium.org/2320573006/diff/220001/third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp

I got an empty script url, when eval is used, and we want to get the actual script url. Is there any V8 functions, we can use to get the call stack? Thank you. 

I'm not sure that this issue is related. We're going to add additional call stack argument into scriptParsed js_protocol.json event to be able to show this stack for scripts in DevTools frontend.

What do you mean by actual script url? Url of last not anonymous frame in stack trace?
To get stack trace you can use v8::StackTrace::CurrentStackTrace from v8.h, you can get frame from it by GetFrame call and then get url by GetScriptNameOrSourceURL call on frame.
Another possible solution is expose way to iterate through frames on v8_inspector::V8StackTrace and then get this by calling takeStackTrace on SourceLocation.

It is related, Tim was asking how to see from DevTools. We thought we did not need to go over every website, and we could just use devtool to track the scripts. Now we are hoping do to it automatically in the code, I will look at the functions you suggested. 

http://o.aolcdn.com/os/moat/prod/moatuac.js is the actual script Url that calls eval in www.aol.com, but now we only get empty string from SourceLocation's url(). Because we are getting the function information from ScriptState, do you think we can find the frame and the stack trace?

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/3e1e90dec273a508785c109c6dce816a9aeb3372

commit 3e1e90dec273a508785c109c6dce816a9aeb3372
Author: allada <allada@chromium.org>
Date: Thu Mar 16 23:34:11 2017

[Devtools] Add stacktrace to protocol for scriptParsed event

Stacktrace data is now passed when scriptParsed event is triggered.

R=kozyatinskiy@chromium.org,dgozman
BUG= chromium:646849 

Review-Url: https://codereview.chromium.org/2755863002
Cr-Commit-Position: refs/heads/master@{#43879}

[modify] https://crrev.com/3e1e90dec273a508785c109c6dce816a9aeb3372/src/inspector/js_protocol.json
[modify] https://crrev.com/3e1e90dec273a508785c109c6dce816a9aeb3372/src/inspector/v8-debugger-agent-impl.cc
[modify] https://crrev.com/3e1e90dec273a508785c109c6dce816a9aeb3372/test/inspector/debugger/script-on-after-compile-expected.txt
[modify] https://crrev.com/3e1e90dec273a508785c109c6dce816a9aeb3372/test/inspector/debugger/script-on-after-compile.js
[modify] https://crrev.com/3e1e90dec273a508785c109c6dce816a9aeb3372/test/inspector/debugger/script-parsed-for-runtime-evaluate-expected.txt
[modify] https://crrev.com/3e1e90dec273a508785c109c6dce816a9aeb3372/test/inspector/debugger/script-parsed-for-runtime-evaluate.js

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cc09ed9dfa66c1c27020fafe36c07601b947d2ad

commit cc09ed9dfa66c1c27020fafe36c07601b947d2ad
Author: Alexey Kozyatinskiy <kozyatinskiy@chromium.org>
Date: Sat Aug 25 21:39:58 2018

DevTools: show origin url for anonymous scripts

R=lushnikov@chromium.org

Bug:  chromium:646849 
Change-Id: I8141bcdcfef7d9734ee9f1c97bfa552160fdcd9d
Reviewed-on: https://chromium-review.googlesource.com/1182865
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Andrey Lushnikov <lushnikov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#586149}
[add] https://crrev.com/cc09ed9dfa66c1c27020fafe36c07601b947d2ad/third_party/WebKit/LayoutTests/http/tests/devtools/sources/source-frame-toolbar-items-expected.txt
[add] https://crrev.com/cc09ed9dfa66c1c27020fafe36c07601b947d2ad/third_party/WebKit/LayoutTests/http/tests/devtools/sources/source-frame-toolbar-items.js
[modify] https://crrev.com/cc09ed9dfa66c1c27020fafe36c07601b947d2ad/third_party/blink/renderer/devtools/BUILD.gn
[modify] https://crrev.com/cc09ed9dfa66c1c27020fafe36c07601b947d2ad/third_party/blink/renderer/devtools/front_end/sdk/DebuggerModel.js
[modify] https://crrev.com/cc09ed9dfa66c1c27020fafe36c07601b947d2ad/third_party/blink/renderer/devtools/front_end/sdk/Script.js
[add] https://crrev.com/cc09ed9dfa66c1c27020fafe36c07601b947d2ad/third_party/blink/renderer/devtools/front_end/sources/ScriptOriginPlugin.js
[modify] https://crrev.com/cc09ed9dfa66c1c27020fafe36c07601b947d2ad/third_party/blink/renderer/devtools/front_end/sources/UISourceCodeFrame.js
[modify] https://crrev.com/cc09ed9dfa66c1c27020fafe36c07601b947d2ad/third_party/blink/renderer/devtools/front_end/sources/module.json