<input pattern> should not allow invalid regexes to escape group
Categories
(Core :: DOM: Forms, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox77 | --- | fixed |
People
(Reporter: TimothyGu, Assigned: TimothyGu)
Details
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.16 Safari/537.36
Steps to reproduce:
Given
<!doctype html>
<meta charset=utf-8>
<input id=test pattern="a)(b">
Type "de" in the input field.
This test is included as part of https://github.com/web-platform-tests/wpt/pull/21060.
Actual results:
test.validity.patternMismatch is true.
Expected results:
The regex is invalid, so per spec the attribute should be ignored, and test.validity.patternMismatch should be false.
However, nsContentUtils::IsPatternMatching surrounds the given pattern with ^(?: and )$, making the resulting regex /^(?:a)(b)$/ a valid regular expression.
A fix would be to verify that the provided pattern is valid by itself, before trying to match the <input>'s value against the augmented pattern.
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
|
Assignee | |
Comment 1•4 years ago
|
||
In particular, this correctly treats as invalid patterns like "a)(b" that only "become" valid due to the addition of the (?:) non-capturing group, that's originally used to allow the addition of ^ and $ anchors.
|
||
Updated•4 years ago
|
Pushed by cbrindusan@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b07e407fe3e5 Validate regexp derived from pattern attribute before using it. r=emilio
|
||
Comment 3•4 years ago
|
||
| bugherder | ||
Description
•