Bug 10183 - REGRESSION: obfuscated JS decoding breaks because of soft hyphen removal (Fanfiction.net author pages not listing stories)
: REGRESSION: obfuscated JS decoding breaks because of soft hyphen removal (Fa...
Status: RESOLVED FIXED
: WebKit
JavaScriptCore
: 420+
: Macintosh Mac OS X 10.4
: P1 Normal
Assigned To:
: http://www.fanfiction.net/u/691439/
: Regression
:
:
  Show dependency treegraph
 
Reported: 2006-08-01 04:46 PST by
Modified: 2006-09-25 11:02 PST (History)


Attachments
Obsufucated Javascript output decoded (7.24 KB, text/html)
2006-08-22 16:31 PST, bugzilla@mrdini.com
no flags Details
reduced test case (115 bytes, text/html)
2006-08-23 04:21 PST, Alexey Proskuryakov
no flags Details
proposed fix (59.15 KB, patch)
2006-09-22 13:27 PST, Alexey Proskuryakov
mjs: review+
Review Patch | Details | Formatted Diff | Diff


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2006-08-01 04:46:05 PST
It would appear that Fanfiction.net have changed how they list the stories on an author's page. It used to work as little as a week ago.
------- Comment #1 From 2006-08-02 00:30:05 PST -------
The URL provided currently gives me a server error in both Safari and Firefox.  Will try again later.
------- Comment #2 From 2006-08-22 16:31:13 PST -------
Created an attachment (id=10172) [details]
Obsufucated Javascript output decoded
------- Comment #3 From 2006-08-22 16:33:15 PST -------
There seems to be an issue with the "eval" bit on line 13 of the attached HTML file.

The javascript in the attached HTML file is taken from fanfiction.net - this is the bit that prevents the stories list from appearing.
------- Comment #4 From 2006-08-23 04:21:54 PST -------
Created an attachment (id=10177) [details]
reduced test case
------- Comment #5 From 2006-08-23 07:25:16 PST -------
(In reply to comment #4)
> Created an attachment (id=10177) [edit] [details]
> reduced test case
> 

Both TOT and Firefox display the following: **f** (should be **f**), while shipping Safari gives this: **f££ (should be **f**).
------- Comment #6 From 2006-08-23 10:52:25 PST -------
You are right, I was fooled by similar symptoms in stock and TOT, while the cause is different.

So, this actually looks like a regression from bug 4931 (a string literal here includes a soft hyphen, and removing it breaks decoding).
------- Comment #7 From 2006-09-22 13:27:22 PST -------
Created an attachment (id=10715) [details]
proposed fix

Some other possible approaches to the problem:
- preserve Cf characters in literals, but strip from code;
- change nothing, and evangelize the site instead.
------- Comment #8 From 2006-09-23 01:14:10 PST -------
(From update of attachment 10715 [details])
r=me

It's not worth being technically correct on this point if it's gonna cause compatibility problems. We should let the ECMA committee know so they can fix this for a future version of the spec.
------- Comment #9 From 2006-09-23 11:09:55 PST -------
Committed revision 16542.
------- Comment #10 From 2006-09-25 10:23:37 PST -------
Could we strip out the other Cf characters, and just allow soft hyphen?
------- Comment #11 From 2006-09-25 11:02:23 PST -------
The soft hyphen is the only Cf character in Latin-1, so making it an exception would probably resolve issues with "binary" strings, such as the one in this bug. However, it is also easy to imagine e.g. RTL/LTR overrides being used in literals.

I guess I just don't get the reason behind this ECMA rule, so I don't see any real benefit in deviating from what other browsers do.