Closed
Bug 744784
Opened 12 years ago
Closed 10 years ago
Allow keywords as identifiers if at least one character is represented by a Unicode escape
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: mathias, Unassigned)
References
Details
See http://wiki.whatwg.org/wiki/Web_ECMAScript#Identifiers: > Identifiers containing escape sequences are not equivalent to fully > unescaped identifiers in the case that, after fully unescaping identifier, > it is a ReservedWord. In particular it is possible to create Identifiers > that unescape to a reserved word so long as at least one character is fully > escaped. Subsequent use of such identifiers must also have at least one > character escaped (otherwise the reserved word will be used instead) but it > need not be the same character(s) as that originally used to create the > identifier. For example, this should alert 'PASS': function \u0074rue() { alert('PASS'); } \u0074rue(); So should this: function \u0074rue() { alert('PASS'); } tru\u0065();
Comment 1•12 years ago
|
||
Well, I think we should not allow this kind of functions. We already correctly treat escaped identifiers as keywords in every other case. >var \u0074rue; /* SyntaxError */ It think that we allow them as function names is just an oversight and we should probably not allow that. I tried to reply to your question on twitter with the relevant Bug 638667, but I think I failed a bit there. Because it looks like we haven't had any complains about this in the past, we should not allow more things now. (Contrary to the ES5 from my understanding)
Comment 2•12 years ago
|
||
My reading of ES5 (and I wrote the text) does not allow the above. However the ES3 spec. might be interpreted as allowing it. I don't think anything should change until T39 decides what we really want to allow/disallow going forward.
Comment 3•12 years ago
|
||
>(Contrary to the ES5 from my understanding) Badly worded, just to make it clear, ES5 does not allow keywords even as escaped identifiers. http://es5.github.com/#x7.6 >All interpretations of identifiers within this specification are based upon their actual >characters regardless of whether or not an escape sequence was used to contribute any >particular characters.
Comment 4•12 years ago
|
||
See https://bugs.ecmascript.org/show_bug.cgi?id=277 which this bug should depend on (if only we had cross-bugzilla-instance dependencies!). /be
Updated•12 years ago
|
See Also: → https://bugs.ecmascript.org/show_bug.cgi?id=277
Reporter | ||
Comment 6•12 years ago
|
||
FTR, the compatibility requirements are now listed here: http://mathias.html5.org/specs/javascript/#escaped-reserved-words Firefox is the only browser to error on “identifiers” like these. It may be correct behavior as per the ECMAScript spec (and in a perfect world, all engines would implement it like this, and no one would use identifiers like that), but it doesn’t match other implementations. I’m not sure how strong the compatibility requirements are, but it is a risk. Please consider reverting the change in bug 770856 for compatibility/interoperability reasons. Tests: http://mathias.html5.org/tests/javascript/identifiers/
Comment 7•12 years ago
|
||
(In reply to Mathias Bynens from comment #6) > FTR, the compatibility requirements are now listed here: > http://mathias.html5.org/specs/javascript/#escaped-reserved-words > > Firefox is the only browser to error on “identifiers” like these. that's not correct. At least IE8 and IE9 (and almost certainly pre-IE8, but I haven't tested) do not recognize such identifiers. So, this has never been a real interoperability requirement of the web. It has also been discussed on es-discuss and future versions of the ECMAScript specification are not going to make such identifiers legal. Rather than pushing browsers to converge on something that been explicitly determined to be an undesirable and non-standard feature, we should be pushing browsers to converge on correctly implementing the standards. This should be resolved as invalid or wontfix
Reporter | ||
Comment 8•12 years ago
|
||
Okay, let’s try to get other browsers/engines to remove this non-standard extension as well, then. I’ve filed the following bugs: * Opera/Carakan bug: https://bugs.opera.com/browse/DSK-369398 * Chrome/V8: http://code.google.com/p/v8/issues/detail?id=2222 * Safari/JavaScriptCore: https://bugs.webkit.org/show_bug.cgi?id=90678
Reporter | ||
Updated•12 years ago
|
See Also: → https://bugs.webkit.org/show_bug.cgi?id=90678
Reporter | ||
Updated•12 years ago
|
Comment 9•10 years ago
|
||
What is the status of this? It is security significant for systems that filter or translate code in order to enforce restrictions.
Comment 10•10 years ago
|
||
Per Bug 694360, we treat var thi\u0073; as a syntax error.
Comment 11•10 years ago
|
||
So close this bug?
Assignee | ||
Updated•10 years ago
|
Assignee: general → nobody
Comment 12•10 years ago
|
||
Resolving WONTFIX since we don't want to implement comment 0 and are following ES6 due to bug 694360. If other engines fail to fix this I'm sure a new bug will be opened against us.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•