1317310 - Reject null-escape with trailing decimal digit in character classes for Unicode RegExps

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect)

Description

[André Bargull [:anba]]

Test case:
---
/[\01]/u
---

Expected: Throws a SyntaxError
Actual: No exception thrown

Comment 1

[André Bargull [:anba]]

Attachment: bug1317310.patch

/\01/u already throws a SyntaxError, and now does /[\01]/u, too.

Comment 2

[Tooru Fujisawa [:arai]]

Comment on attachment 8810532 [details] [diff] [review]
bug1317310.patch

Review of attachment 8810532 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks :D

Comment 3

[Pulsebot]

Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/8f843fadcf4e
Disallow trailing decimal digit after null-escape in character classes in Unicode regular expressions. r=arai

Comment 4

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

https://hg.mozilla.org/mozilla-central/rev/8f843fadcf4e

Comment 5

[Hannes Verschore [:h4writer]]

We should probably look into backporting this.

Comment 6

[André Bargull [:anba]]

I think the only reason it could be worthwhile to backport this bug, is that it helps to ensure no web content will be created which uses this invalid escape sequence. JSC and Chakra currently don't throw an error for /[\01]/u (and for /\01/u). V8 only throws an error when the regular expression is executed (https://bugs.chromium.org/p/v8/issues/detail?id=896).