[Webkit-unassigned] [Bug 45959] New: String.prototype.replace implemented incorrectly

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 17 06:03:05 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=45959

           Summary: String.prototype.replace implemented incorrectly
           Product: WebKit
           Version: 525.x (Safari 3.2)
          Platform: PC
               URL: https://bugzilla.mozilla.org/show_bug.cgi?id=597035
        OS/Version: Windows Vista
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: pomax at nihongoresources.com


Created an attachment (id=67903)
 --> (https://bugs.webkit.org/attachment.cgi?id=67903)
demonstrator file

To illustrate the problem, all that is needed is to create a page with the following JavaScript:

  var s = "aaaccc", c2Type = "n/a";
  var ret = s.replace(/(a+)(b+)?/g, function(all, c1, c2, i, str) {
    c2Type = typeof c2;
    return "";
  });
  alert(s+"\n"+c2Type+"\n"+ret);

and then run this via the browser and note the text in the alert.

It should generate an alert with the following text:

aaaccc
string
ccc

Instead, Safari generates an alert with the following text:

aaccc
undefined
ccc

Basically, the String.prototype.replace function as described in the ECMA-262 standard is not properly implemented. The problem was analysed on https://bugzilla.mozilla.org/show_bug.cgi?id=597035 and concluded by Brendan Eich. The idea is that if the search value is a regexp, and the replacement is a function, then that function is called with a fluid number of arguments. If the regexp has n capture groups, the function will be called with the following arguments:

1) The full regexp match
1+0) The string caught by the region covered by the first left-parens in the regexp, to its closing parens
...
1+n+1) The string caught by the region covered by the last left-parens in the regexp, to its closing parens
1+n+2) the position in the original string that the full regexp matched on
1+n+3) the original string

Except for the position in the original string, all of these arguments are strings, with empty matches represented by the empty string "".

However, in the implementation used by WebKit (as well as Opera and Chromium, it should be noted), the empty captures are left undefined, instead of defined as "". This is incorrect, and should be fixed.
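
An added example, not part of the bug report or of WebKit: a replacer callback written so that its output is the same whether the engine passes undefined or "" for a capture group that matched nothing, which matters when the captures are concatenated into rewritten output. The helper names unpackReplacerArgs, tagNaive and tagNormalised are hypothetical, as is the "[c1|c2@index]" output format.

```javascript
// Added example; helper names and output format are assumptions.

// Split the variable-length replacer argument list into its parts:
// (match, capture 1..n, index, input[, groups]).
function unpackReplacerArgs(args) {
  const list = Array.from(args);
  // Engines with named-group support append a groups object last,
  // but only when the regexp actually has named groups.
  if (typeof list[list.length - 1] === "object") {
    list.pop();
  }
  const input = list.pop();   // the original string
  const index = list.pop();   // position of the full match
  const match = list.shift(); // the full match
  // What remains are the captures. Map undefined to "" so callers
  // see one behaviour regardless of engine.
  const captures = list.map(function (c) {
    return c === undefined ? "" : c;
  });
  return { match: match, captures: captures, index: index, input: input };
}

// Naive callback: concatenates captures directly. On an engine that
// passes undefined for the second group, the literal text "undefined"
// ends up in the rewritten string.
function tagNaive(s) {
  return s.replace(/(a+)(b+)?/g, function (all, c1, c2, i) {
    return "[" + c1 + "|" + c2 + "@" + i + "]";
  });
}

// Normalised callback: same regexp as the report, same output on
// every engine.
function tagNormalised(s) {
  return s.replace(/(a+)(b+)?/g, function () {
    const parts = unpackReplacerArgs(arguments);
    return "[" + parts.captures[0] + "|" + parts.captures[1] +
           "@" + parts.index + "]";
  });
}

// Constructed inputs; the first is the string from the report.
console.log(tagNaive("aaaccc"));
console.log(tagNormalised("aaaccc"));
console.log(tagNormalised("aabb aab"));
```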
