| Field | Value |
|---|---|
| Summary | JavaScript identifier incorrectly parsed if the prefix before an escape sequence is a keyword |
| Product | WebKit |
| Component | JavaScriptCore |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | 528+ (Nightly build) |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Alan Tam <Tam> |
| Assignee | Michael Saboff <msaboff> |
| CC | ggaren, msaboff |

Description
Alan Tam
2015-01-13 17:49:23 PST
This is probably related to adding for..in iteration to the parser. Using ToT r178251.

For "in\u00e9dit = 1;" I get:
SyntaxError: Unexpected keyword 'in'

For "var in\u00e9dit = 1;" I get:
SyntaxError: Cannot use the keyword 'in' as a variable name.

It is not limited to for..in, but all keywords. Indeed, object literal is another way to trigger the bug.
> ({while\u00e9dit:1})
SyntaxError: Unexpected identifier '\u00e9dit'. Expected a ':' following the property name 'while'.
Again, this works in Chrome and Firefox, returning this hash: {"whileédit":1}

Yes, it affects all keywords. Test performance of a patch now.

The problem is due to parseKeyword() matching the "in" or any other keyword. It then calls isIdentPart() on the next character, the \ for the unicode escape. isIdentPart() only looks for characters with the types of CharacterIdentifierStart, CharacterZero and CharacterNumber. The \ character is CharacterBackSlash. The character that results from the unicode escape \u00e9 is é, which has the character class CharacterIdentifierStart.

parseKeyword() is generated from KeywordLookupGenerator.py. Looks like it needs to be taught about escaped characters.

Adding a new isIdentPartOrEscape() function that will call isIdentPart(). If that fails, it looks for '\' and a valid unicode escape. If it finds one, it checks that unicode character with isIdentPart().

Created attachment 244611
Patch

Created attachment 244612
Performance results of the patch
Seems to be neutral.
Committed r178427: <http://trac.webkit.org/changeset/178427>
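
The keyword check described in this report, before and after the fix, as an added model that is not WebKit's code or the committed patch. The function names isIdentPart() and isIdentPartOrEscape() come from the report; their bodies, the simplified character classes, the keyword subset and the helper lexesAsKeyword() are assumptions made for illustration.

```cpp
#include <cstddef>
#include <string>

// Simplified character classes (assumption): ASCII letters, digits, '_', '$'
// and anything non-ASCII count as identifier parts.
static bool isIdentPart(char32_t c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '$' || c >= 0x80;
}

static int hexValue(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// True for a plain identifier part, or for a backslash, 'u' and four hex
// digits that decode to an identifier part.
static bool isIdentPartOrEscape(const std::string& src, std::size_t pos) {
    if (pos >= src.size()) return false;
    if (isIdentPart(static_cast<unsigned char>(src[pos]))) return true;
    if (src[pos] != '\\' || pos + 6 > src.size() || src[pos + 1] != 'u') return false;
    char32_t decoded = 0;
    for (std::size_t i = pos + 2; i < pos + 6; ++i) {
        int h = hexValue(src[i]);
        if (h < 0) return false;  // malformed escape: not an identifier part
        decoded = decoded * 16 + static_cast<char32_t>(h);
    }
    return isIdentPart(decoded);
}

static const char* const kKeywords[] = {"in", "var", "while", "for", "if"};

// Does the start of src lex as a keyword token? useFix=false models the
// original check, which only ran isIdentPart() on the next raw character.
static bool lexesAsKeyword(const std::string& src, bool useFix) {
    for (const char* kw : kKeywords) {
        std::size_t n = std::char_traits<char>::length(kw);
        if (src.compare(0, n, kw) != 0) continue;
        bool continues = useFix ? isIdentPartOrEscape(src, n)
            : (n < src.size() && isIdentPart(static_cast<unsigned char>(src[n])));
        if (!continues) return true;  // keyword ends here, so it is a keyword token
    }
    return false;
}

int main() { return lexesAsKeyword("in\\u00e9dit = 1;", true) ? 1 : 0; }
```

An escape that decodes to a non-identifier character (for example \u0020) or is malformed still ends the keyword, so only escapes that genuinely continue the identifier change the result.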