[webkit-changes] [WebKit/WebKit] cd16ef: [Regression] pattern attribute handling for invali...

Michael Saboff noreply at github.com
Wed Oct 18 21:57:29 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: cd16ef7144b7cb7f5e3bc2b541c89bccdff5d820
      https://github.com/WebKit/WebKit/commit/cd16ef7144b7cb7f5e3bc2b541c89bccdff5d820
  Author: Michael Saboff <msaboff at apple.com>
  Date:   2023-10-18 (Wed, 18 Oct 2023)

  Changed paths:
    M JSTests/stress/regexp-vflag-property-of-strings.js
    M Source/JavaScriptCore/yarr/YarrParser.h

  Log Message:
  -----------
  [Regression] pattern attribute handling for invalid regular expressions (unicode-invalid-01)
https://bugs.webkit.org/show_bug.cgi?id=261077
rdar://115234392

Reviewed by Yusuke Suzuki.

Fixed issue where RegExp parsing code allowed escaped ClassSetReservedPunctuator characters anywhere in an expression with the 'v' flag.
The ECMAScript standard actually only allows escaped ClassSetReservedPunctuator characters within a ClassSetExpression or a ClassStringDisjunction.
See https://tc39.es/ecma262/#prod-ClassSetExpression and https://tc39.es/ecma262/#prod-ClassStringDisjunction and follow the productions to
ClassSetCharacter which has a production \ ClassSetReservedPunctuator.

Added tests to check the syntax errors when ClassSetReservedPunctuator characters are used incorrectly as well as tests with ClassSetReservedPunctuator
characters in both a Class Set and a Class String Disjunction.

* JSTests/stress/regexp-vflag-property-of-strings.js:
* Source/JavaScriptCore/yarr/YarrParser.h:
(JSC::Yarr::Parser::isIdentityEscapeAnError):
(JSC::Yarr::Parser::parseEscape):

Canonical link: https://commits.webkit.org/269502@main




More information about the webkit-changes mailing list