[Webkit-unassigned] [Bug 274449] New: [JSC] Use `RegExp.prototype[@@split]` slow path if `hasIndices` and `dotAll` getters has been overwritten

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 21 00:23:42 PDT 2024 

https://bugs.webkit.org/show_bug.cgi?id=274449

            Bug ID: 274449
           Summary: [JSC] Use `RegExp.prototype[@@split]` slow path if
                    `hasIndices` and `dotAll` getters has been overwritten
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: aosukeke at gmail.com

`RegExp.prototype[@@split]` calls the `hasIndices` and `dotAll` getters via the `flags`
    getter[1]. If these getters are overwritten, observable side effects may occur. However, the fast
    path skips these getter calls.

    [1]: https://tc39.es/ecma262/multipage/text-processing.html#sec-regexp.prototype-@@split

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240521/d6244667/attachment.htm>

More information about the webkit-unassigned mailing list