Closed Bug 1317310 Opened 3 years ago Closed 3 years ago

Reject null-escape with trailing decimal digit in character classes for Unicode RegExps

Categories

(Core :: JavaScript Engine, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla53
Tracking Status
firefox52 --- wontfix
firefox53 --- fixed

People

(Reporter: anba, Assigned: anba)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Test case:
---
/[\01]/u
---

Expected: Throws a SyntaxError
Actual: No exception thrown
Attached patch bug1317310.patchSplinter Review
/\01/u already throws a SyntaxError, and now does /[\01]/u, too.
Attachment #8810532 - Flags: review?(arai.unmht)
Comment on attachment 8810532 [details] [diff] [review]
bug1317310.patch

Review of attachment 8810532 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks :D
Attachment #8810532 - Flags: review?(arai.unmht) → review+
Keywords: checkin-needed
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/8f843fadcf4e
Disallow trailing decimal digit after null-escape in character classes in Unicode regular expressions. r=arai
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/8f843fadcf4e
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
We should probably look into backporting this.
Flags: needinfo?(andrebargull)
I think the only reason it could be worthwhile to backport this bug, is that it helps to ensure no web content will be created which uses this invalid escape sequence. JSC and Chakra currently don't throw an error for /[\01]/u (and for /\01/u). V8 only throws an error when the regular expression is executed (https://bugs.chromium.org/p/v8/issues/detail?id=896).
Flags: needinfo?(andrebargull)
You need to log in before you can comment on or make changes to this bug.