Closed Bug 1607405 Opened 6 months ago Closed 3 months ago

<input pattern> should not allow invalid regexes to escape group

Categories

(Core :: DOM: Forms, defect, P3)

defect

Tracking

()

RESOLVED FIXED
mozilla77
Tracking Status
firefox77 --- fixed

People

(Reporter: TimothyGu, Assigned: TimothyGu)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.16 Safari/537.36

Steps to reproduce:

Given

<!doctype html>
<meta charset=utf-8>
<input id=test pattern="a)(b">

Type "de" in the input field.

This test is included as part of https://github.com/web-platform-tests/wpt/pull/21060.

Actual results:

test.validity.patternMismatch is true.

Expected results:

The regex is invalid, so per spec the attribute should be ignored, and test.validity.patternMismatch should be false.

However, nsContentUtils::IsPatternMatching surrounds the given pattern with ^(?: and )$, making the resulting regex /^(?:a)(b)$/ a valid regular expression.

A fix would be to verify that the provided pattern is valid by itself, before trying to match the <input>'s value against the augmented pattern.

Component: DOM: Core & HTML → DOM: Forms
Priority: -- → P3

In particular, this correctly treats as invalid patterns like "a)(b" that only "become" valid due to the addition of the (?:) non-capturing group, that's originally used to allow the addition of ^ and $ anchors.

Assignee: nobody → timothygu99
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b07e407fe3e5
Validate regexp derived from pattern attribute before using it. r=emilio
Status: UNCONFIRMED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla77
You need to log in before you can comment on or make changes to this bug.