authorMoonchild <moonchild@palemoon.org>2021-02-25 01:03:57 +0000
committerMoonchild <moonchild@palemoon.org>2021-02-25 01:03:57 +0000
commitceadffab6b357723981a429e11222daf6cd6dcfb (patch)
tree5603053048d6a460f79b22bdf165fb74d32d39b0 /js/src/builtin/Eval.cpp
parent14fb2f966e9b54598c451e3cb35b4aa0480dafed (diff)
parentad5a13bd501e379517da1a944c104a11d951a3f5 (diff)
Merge branch 'master' into releaseRC_20210225
Diffstat (limited to 'js/src/builtin/Eval.cpp')
-rw-r--r--js/src/builtin/Eval.cpp48
1 files changed, 21 insertions, 27 deletions
diff --git a/js/src/builtin/Eval.cpp b/js/src/builtin/Eval.cpp
index 4ee7a35c8..53fa78931 100644
--- a/js/src/builtin/Eval.cpp
+++ b/js/src/builtin/Eval.cpp
@@ -141,35 +141,29 @@ template <typename CharT>
static bool
EvalStringMightBeJSON(const mozilla::Range<const CharT> chars)
{
- // If the eval string starts with '(' or '[' and ends with ')' or ']', it may be JSON.
- // Try the JSON parser first because it's much faster. If the eval string
- // isn't JSON, JSON parsing will probably fail quickly, so little time
- // will be lost.
+ // If the eval string starts with '(' or '[' and ends with ')' or ']', it
+ // may be JSON. Try the JSON parser first because it's much faster. If
+ // the eval string isn't JSON, JSON parsing will probably fail quickly, so
+ // little time will be lost.
size_t length = chars.length();
- if (length > 2 &&
- ((chars[0] == '[' && chars[length - 1] == ']') ||
- (chars[0] == '(' && chars[length - 1] == ')')))
- {
- // Remarkably, JavaScript syntax is not a superset of JSON syntax:
- // strings in JavaScript cannot contain the Unicode line and paragraph
- // terminator characters U+2028 and U+2029, but strings in JSON can.
- // Rather than force the JSON parser to handle this quirk when used by
- // eval, we simply don't use the JSON parser when either character
- // appears in the provided string. See bug 657367.
- if (sizeof(CharT) > 1) {
- for (RangedPtr<const CharT> cp = chars.begin() + 1, end = chars.end() - 1;
- cp < end;
- cp++)
- {
- char16_t c = *cp;
- if (c == 0x2028 || c == 0x2029)
- return false;
- }
- }
+ if (length < 2)
+ return false;
- return true;
- }
- return false;
+ // It used to be that strings in JavaScript forbid U+2028 LINE SEPARATOR
+ // and U+2029 PARAGRAPH SEPARATOR, so something like
+ //
+ // eval("['" + "\u2028" + "']");
+ //
+ // i.e. an array containing a string with a line separator in it, *would*
+ // be JSON but *would not* be valid JavaScript. Handing such a string to
+ // the JSON parser would then fail to recognize a syntax error. As of
+ // <https://tc39.github.io/proposal-json-superset/> JavaScript strings may
+ // contain these two code points, so it's safe to JSON-parse eval strings
+ // that contain them.
+
+ CharT first = chars[0], last = chars[length - 1];
+ return (first == '[' && last == ']') ||
+ (first == '(' && last == ')');
}
template <typename CharT>
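Review bot: Dropping the U+2028/U+2029 scan in EvalStringMightBeJSON is only safe if the tokenizer in this tree already accepts those two code points inside string literals. The hunk shows Eval.cpp alone, so confirm that the tokenizer change is part of the same merge; otherwise eval would accept through the JSON path a string that the regular parser rejects. The guard also changed from `length > 2` to `if (length < 2) return false;`, so the two-character inputs `[]` and `()` now return true and reach the JSON parser. The caller is outside the hunk, so check that it copes with the empty interior of `()`. A comment above the guard such as `// length == 2 ("[]" or "()") is deliberately let through; the JSON path must handle it` would record the intent, and a regression test that evals a string literal containing U+2028 would pin the JSON fast path and the normal parser to the same result.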