Bug 10183

Summary: REGRESSION: obfuscated JS decoding breaks because of soft hyphen removal (Fanfiction.net author pages not listing stories)
Product: WebKit Reporter: Hone Melgren <honem>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, bugzilla, mitz
Priority: P1 Keywords: Regression
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
URL: http://www.fanfiction.net/u/691439/
Attachments:
Description Flags
Obsufucated Javascript output decoded
none
reduced test case
none
proposed fix mjs: review+

Description Hone Melgren 2006-08-01 04:46:05 PDT 
It would appear that Fanfiction.net have changed how they list the stories on an author's page. It used to work as little as a week ago.
Comment 1 Mark Rowe (bdash) 2006-08-02 00:30:05 PDT 
The URL provided currently gives me a server error in both Safari and Firefox.  Will try again later.
Comment 2 bugzilla 2006-08-22 16:31:13 PDT 
Created attachment 10172 [details]
Obsufucated Javascript output decoded
Comment 3 bugzilla 2006-08-22 16:33:15 PDT 
There seems to be an issue with the "eval" bit on line 13 of the attached HTML file.

The javascript in the attached HTML file is taken from fanfiction.net - this is the bit that prevents the stories list from appearing.
Comment 4 Alexey Proskuryakov 2006-08-23 04:21:54 PDT 
Created attachment 10177 [details]
reduced test case
Comment 5 mitz 2006-08-23 07:25:16 PDT 
(In reply to comment #4)
> Created an attachment (id=10177) [edit]
> reduced test case
> 

Both TOT and Firefox display the following: **f** (should be **f**), while shipping Safari gives this: **f££ (should be **f**).
Comment 6 Alexey Proskuryakov 2006-08-23 10:52:25 PDT 
You are right, I was fooled by similar symptoms in stock and TOT, while the cause is different.

So, this actually looks like a regression from bug 4931 (a string literal here includes a soft hyphen, and removing it breaks decoding).
Comment 7 Alexey Proskuryakov 2006-09-22 13:27:22 PDT 
Created attachment 10715 [details]
proposed fix

Some other possible approaches to the problem:
- preserve Cf characters in literals, but strip from code;
- change nothing, and evangelize the site instead.
Comment 8 Maciej Stachowiak 2006-09-23 01:14:10 PDT 
Comment on attachment 10715 [details]
proposed fix

r=me

It's not worth being technically correct on this point if it's gonna cause compatibility problems. We should let the ECMA committee know so they can fix this for a future version of the spec.
Comment 9 Alexey Proskuryakov 2006-09-23 11:09:55 PDT 
Committed revision 16542.
Comment 10 Darin Adler 2006-09-25 10:23:37 PDT 
Could we strip out the other Cf characters, and just allow soft hyphen?
Comment 11 Alexey Proskuryakov 2006-09-25 11:02:23 PDT 
The soft hyphen is the only Cf character in Latin-1, so making it an exception would probably resolve issues with "binary" strings, such as the one in this bug. However, it is also easy to imagine e.g. RTL/LTR overrides being used in literals.

I guess I just don't get the reason behind this ECMA rule, so I don't see any real benefit in deviating from what other browsers do.