213023 – An issue about String.prototype.replace

RESOLVED DUPLICATE of bug 205785 213023

An issue about String.prototype.replace

https://bugs.webkit.org/show_bug.cgi?id=213023

Summary An issue about String.prototype.replace

NWU_NISL

Reported 2020-06-10 07:07:02 PDT

According to ES10.0, "String.prototype.replace(searchValue,replaceValue)" will return a new string which matches of "searchValue" is replaced by "replaceValue". But when "relpaceValue" is a string with "$<" and "searchValue" is "/a/", the result is wrong. This is an issue of "String.prototype.replace". #### version d940b47 #### command webkit/WebKitBuild/Release/bin/jsc testcase.js #### testcase var NISLFuzzingFunc = function(){ var result = "a".replace(/a/,"AAAA$<AAAA"); print(result); }; NISLFuzzingFunc(); #### output $<AAAA #### expected output AAAA$<AAAA Contributor:Yuan Wang

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2020-06-11 18:07:00 PDT

<rdar://problem/64278675>

Alexey Shvayka

Comment 2 2020-06-12 02:10:54 PDT

(In reply to NWU_NISL from comment #0) > #### version > d940b47 This appears to be GitHub WebKit mirror commit hash (rather than git-svn): https://github.com/WebKit/webkit/commit/d940b477848884f63752d25491d9dd0b9d3ccb2d, which points to r246052 (Jun 3, 2019). > #### expected output > AAAA$<AAAA The issue was fixed in r254088 (Jan 6, 2020): I've confirmed that JSC outputs expected "AAAA$<AAAA" since this revision, yet "$<AAAA" before it. *** This bug has been marked as a duplicate of bug 205785 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 205785

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware PC

OS Linux

Product WebKit

Component JavaScriptCore

Assignee

Yusuke Suzuki

Reported

2020-06-10 07:07 PDT

Modified

2020-06-12 02:10 PDT History

CC List

4 users Show

URL

Keywords InRadar

Depends on

Blocks