Bug 14244

Summary: Data corruption when using a replace() callback function with data containing "$"
Product: WebKit Reporter: Steven Levithan <steves_list>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: mrowe
Priority: P2    
Version: 523.x (Safari 3)   
Hardware: PC   
OS: Windows XP   
URL: http://blog.stevenlevithan.com/javascript/commafy-numbers/
Attachments:
Description Flags
Test case
none
Patch mitz: review+

Steven Levithan
Reported 2007-06-20 13:42:40 PDT
When using a function for the replacement argument with the String.replace() method, the returned data is somehow returned incorrectly if it contains a dollar sign ("$") followed by a number for which there is a corresponding capturing group in the regular expression pattern being searched for. This corruption does not directly result from the regular expression or any other JavaScript code being run over the data. Here's reduced code to reproduce the bug: var str = '$1'; alert(str.replace(/(\D)(\d)/g, function($0){return $0;})); Values to set for str, and the results: - '$1' (as shown above) incorrectly returns just $. - '$2' incorrectly returns just 2. - Other values correctly result in the entire, original test string being returned.
Attachments
Test case (334 bytes, text/html)
2007-06-20 14:18 PDT, Mark Rowe (bdash) 		no flags
Details
Patch (5.38 KB, patch)
2007-06-20 16:23 PDT, Mark Rowe (bdash) 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2007-06-20 14:18:56 PDT
Created attachment 15146 [details] Test case
Mark Rowe (bdash)
Comment 2 2007-06-20 14:19:35 PDT
Confirmed. I can reproduce this on Safari 2.0.r and 3 beta on Mac.
Mark Rowe (bdash)
Comment 3 2007-06-20 14:21:24 PDT
I have a fix for this in my tree, I just need to write up some test cases to better cover the expected behaviours.
Mark Rowe (bdash)
Comment 4 2007-06-20 16:23:14 PDT
Created attachment 15149 [details] Patch
mitz
Comment 5 2007-06-20 16:43:47 PDT
Comment on attachment 15149 [details] Patch r=me
Mark Rowe (bdash)
Comment 6 2007-06-20 17:00:36 PDT
Landed in r23675. Thanks for the bug report!
Note You need to log in before you can comment on or make changes to this bug.