Bug 10183 - REGRESSION: obfuscated JS decoding breaks because of soft hyphen removal (Fanfiction.net author pages not listing stories)
: REGRESSION: obfuscated JS decoding breaks because of soft hyphen removal (Fa...
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
: 420+
: Macintosh Mac OS X 10.4
: P1 Normal
Assigned To: Nobody
: Regression
Depends on:
  Show dependency treegraph
Reported: 2006-08-01 04:46 PDT by Hone Melgren
Modified: 2006-09-25 11:02 PDT (History)
3 users (show)

See Also:

Obsufucated Javascript output decoded (7.24 KB, text/html)
2006-08-22 16:31 PDT, bugzilla
no flags Details
reduced test case (115 bytes, text/html)
2006-08-23 04:21 PDT, Alexey Proskuryakov
no flags Details
proposed fix (59.15 KB, patch)
2006-09-22 13:27 PDT, Alexey Proskuryakov
mjs: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Hone Melgren 2006-08-01 04:46:05 PDT
It would appear that Fanfiction.net have changed how they list the stories on an author's page. It used to work as little as a week ago.
Comment 1 Mark Rowe (bdash) 2006-08-02 00:30:05 PDT
The URL provided currently gives me a server error in both Safari and Firefox.  Will try again later.
Comment 2 bugzilla 2006-08-22 16:31:13 PDT
Created attachment 10172 [details]
Obsufucated Javascript output decoded
Comment 3 bugzilla 2006-08-22 16:33:15 PDT
There seems to be an issue with the "eval" bit on line 13 of the attached HTML file.

The javascript in the attached HTML file is taken from fanfiction.net - this is the bit that prevents the stories list from appearing.
Comment 4 Alexey Proskuryakov 2006-08-23 04:21:54 PDT
Created attachment 10177 [details]
reduced test case
Comment 5 mitz@webkit.org 2006-08-23 07:25:16 PDT
(In reply to comment #4)
> Created an attachment (id=10177) [edit]
> reduced test case

Both TOT and Firefox display the following: **f** (should be **f**), while shipping Safari gives this: **f££ (should be **f**).
Comment 6 Alexey Proskuryakov 2006-08-23 10:52:25 PDT
You are right, I was fooled by similar symptoms in stock and TOT, while the cause is different.

So, this actually looks like a regression from bug 4931 (a string literal here includes a soft hyphen, and removing it breaks decoding).
Comment 7 Alexey Proskuryakov 2006-09-22 13:27:22 PDT
Created attachment 10715 [details]
proposed fix

Some other possible approaches to the problem:
- preserve Cf characters in literals, but strip from code;
- change nothing, and evangelize the site instead.
Comment 8 Maciej Stachowiak 2006-09-23 01:14:10 PDT
Comment on attachment 10715 [details]
proposed fix


It's not worth being technically correct on this point if it's gonna cause compatibility problems. We should let the ECMA committee know so they can fix this for a future version of the spec.
Comment 9 Alexey Proskuryakov 2006-09-23 11:09:55 PDT
Committed revision 16542.
Comment 10 Darin Adler 2006-09-25 10:23:37 PDT
Could we strip out the other Cf characters, and just allow soft hyphen?
Comment 11 Alexey Proskuryakov 2006-09-25 11:02:23 PDT
The soft hyphen is the only Cf character in Latin-1, so making it an exception would probably resolve issues with "binary" strings, such as the one in this bug. However, it is also easy to imagine e.g. RTL/LTR overrides being used in literals.

I guess I just don't get the reason behind this ECMA rule, so I don't see any real benefit in deviating from what other browsers do.