1607405 - <input pattern> should not allow invalid regexes to escape group

Status: RESOLVED FIXED

(Core :: DOM: Forms, defect, P3)

Description

[Timothy Gu [:TimothyGu]]

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.16 Safari/537.36

Steps to reproduce:

Given

<!doctype html>
<meta charset=utf-8>
<input id=test pattern="a)(b">

Type "de" in the input field.

This test is included as part of https://github.com/web-platform-tests/wpt/pull/21060.

Actual results:

test.validity.patternMismatch is true.

Expected results:

The regex is invalid, so per spec the attribute should be ignored, and test.validity.patternMismatch should be false.

However, nsContentUtils::IsPatternMatching surrounds the given pattern with ^(?: and )$, making the resulting regex /^(?:a)(b)$/ a valid regular expression.

A fix would be to verify that the provided pattern is valid by itself, before trying to match the <input>'s value against the augmented pattern.

Comment 1

[Timothy Gu [:TimothyGu]]

Attachment: Bug 1607405 - Validate regexp derived from pattern attribute before using it. r=emilio

In particular, this correctly treats as invalid patterns like "a)(b" that only "become" valid due to the addition of the (?:) non-capturing group, that's originally used to allow the addition of ^ and $ anchors.

Comment 2

[Pulsebot]

Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b07e407fe3e5
Validate regexp derived from pattern attribute before using it. r=emilio

Comment 3

[Cosmin Sabou [:CosminS]]

https://hg.mozilla.org/mozilla-central/rev/b07e407fe3e5