caplet : Message: Re: [caplet] Code that lexes differently in ES3 vs ES3.1

Douglas Crockford wrote:
> David-Sarah Hopwood wrote:
>> Consider the following JavaScript source:
>>
>> [ /[/]/ /foo]/ + bar
>>
>> According to the ES3 spec, this is interpreted as:
>>
>> [ new RegExp("[") ] / new RegExp("foo]") + bar
>>
>> According to the ES3.1 draft spec, it is interpreted as:
>>
>> [ new RegExp("[\/]") / foo ] / +bar
>>
>> Apparently, Firefox and IE7 were lexing regexp literals in the way
>> ES3.1 specifies. I had considered re-allowing regexp literals in
>> Jacaranda 0.4, but this has scared me off doing so -- the potential
>> for lexical confusion attacks is just too great.
>
> ADsafe rejects [ /[/]/ /foo]/ + bar. Just because ECMAScript says its ok
doesn't
> mean that ADsafe must. ADsafe insists that all internal / must have \.

I'm confused -- how does it know that the middle '/' in "/[/]/" is
"internal"? Is it lexing according to the intersection of Pattern
from section 15.10.1, and RegularExpressionBody?

--
David-Sarah Hopwood ⚥

Expand Messages

Author

Sort by Date

Consider the following JavaScript source: [ /[/]/ /foo]/ + bar According to the ES3 spec, this is interpreted as: [ new RegExp("[") ] / new RegExp("foo]") +...

David-Sarah Hopwood
david.hopwood@...

Feb 9, 2009
5:16 pm

From what I remember this started out as a bug in IE and then Firefox followed suit for compatibility which left the other browsers with no choice. I can't...

Marcel Laverdet
marcel.laverdet

Feb 9, 2009
5:43 pm

... No, other browsers followed suit first. ... https://bugzilla.mozilla.org/show_bug.cgi?id=309840 Quoting from comment 0: Description From Jesse Ruderman...

Brendan Eich
brendaneich

Feb 9, 2009
6:55 pm

My apologies....

Marcel Laverdet
marcel.laverdet

Feb 10, 2009
7:32 am

No need to apologize, and I did not aim to blame Opera or Safari in citing the record. This was not a situation where anyone fielding a browser compatible...

Brendan Eich
brendaneich

Feb 10, 2009
9:07 am

... <https://bugzilla.mozilla.org/show_bug.cgi?id=309840#c12> # This fixes a highly dup'ed IE compatibility bug. It's an extension # to ECMA syntax that's...

David-Sarah Hopwood
david.hopwood@...

Feb 10, 2009
2:34 pm

... You're right, but so what? The IE bug and monopoly combined to create a de-facto standard. Appealing to the de-jure standard does you no good, and...

Brendan Eich
brendaneich

Feb 10, 2009
7:13 pm

... I could, if I knew that there were no more bugs like this. Note that lexical confusion attacks of this kind can easily be turned into complete breaks of a...

David-Sarah Hopwood
david.hopwood@...

Feb 10, 2009
2:12 pm

... Plenty. But I suspect you know of them. There's conditional compilation comments /* @cc_on */, and there's the newlines in block comments thing return /*...

Mike Samuel
mikesamuel

Feb 11, 2009
2:36 am

... Fixed in Firefox 3.1 beta nightlies: https://bugzilla.mozilla.org/show_bug.cgi?id=475834 We could push the fix back into a 3.0.x maintenance release if it ...

Brendan Eich
brendaneich

Feb 11, 2009
3:10 am

... ADsafe rejects [ /[/]/ /foo]/ + bar. Just because ECMAScript says its ok doesn't mean that ADsafe must. ADsafe insists that all internal / must have \....

Douglas Crockford
douglascrock...

Feb 9, 2009
9:17 pm

2009/2/9 Douglas Crockford <douglas@...> ... Cajita disallows regex literals, but Valija uses the ES3.1 rule for lexing regexs and rewrites [ /[/]/...

Mike Samuel
mikesamuel

Feb 10, 2009
3:02 am

... I'm confused -- how does it know that the middle '/' in "/[/]/" is "internal"? Is it lexing according to the intersection of Pattern from section 15.10.1,...

David-Sarah Hopwood
david.hopwood@...

Feb 10, 2009
2:44 pm

Yahoo! Groups Tips

Did you know...

Messages

Yahoo! My Yahoo! Mail
	Sign In New User? Sign Up
		Tech - Groups - Help

Yahoo! Groups Tips

Did you know...

Best of Y! Groups

Messages