As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact
Last Comment Bug 657713 - eval JSON parser hack misfires in strict mode, for objects with duplicate property names
: eval JSON parser hack misfires in strict mode, for objects with duplicate pro...
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla6
Assigned To: Jeff Walden [:Waldo] (remove +bmo to email)
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: 578216
  Show dependency treegraph
Reported: 2011-05-17 11:54 PDT by Jeff Walden [:Waldo] (remove +bmo to email)
Modified: 2011-05-23 14:09 PDT (History)
2 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Patch and test (3.12 KB, patch)
2011-05-17 12:24 PDT, Jeff Walden [:Waldo] (remove +bmo to email)
n.nethercote: review+
Details | Diff | Splinter Review

Description User image Jeff Walden [:Waldo] (remove +bmo to email) 2011-05-17 11:54:58 PDT
js> "use strict"; eval('({"a": 2, "a": 3})')

The eval code is strict mode code, and in strict mode object literals can't have repeated property names.

WebKit dodged this bullet by not doing a JSON-parse in strict mode, which is how I discovered the issue.  That's probably the easiest fix, arguably even the best one -- it provides the right incentives for people parsing JSON with eval to switch.
Comment 1 User image Jeff Walden [:Waldo] (remove +bmo to email) 2011-05-17 12:24:25 PDT
Created attachment 533039 [details] [diff] [review]
Patch and test
Comment 2 User image Nicholas Nethercote [:njn] 2011-05-17 16:53:49 PDT
Comment on attachment 533039 [details] [diff] [review]
Patch and test

Review of attachment 533039 [details] [diff] [review]:

Thanks for fixing the fallout from my dirty hack.
Comment 3 User image Jeff Walden [:Waldo] (remove +bmo to email) 2011-05-18 14:37:19 PDT

I'm too lazy to check, but this arguably might not properly be your fallout, because I don't think we treated {a:1,a:2} as a strict mode error until after the JSON parser hack landed, and the duplicate-property-error failure would likely fall on the code that implemented that as a strict mode error.  But whatever, fixed now.
Comment 4 User image Chris Leary [:cdleary] (not checking bugmail) 2011-05-23 14:09:51 PDT
cdleary-bot mozilla-central merge info:

Note You need to log in before you can comment on or make changes to this bug.