LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-09-21 02:08:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

LibJS: Convert matched regex result to string in Symbol.replace

Browse Source 
This would crash on an undefined match (no match), since the matched
result was assumed to be a string (such as on discord.com). The spec
suggests converting it to a string as well:
https://tc39.es/ecma262/#sec-regexp.prototype-@@replace (14#c)
This commit is contained in:
Idan Horowitz 2021-04-17 15:46:19 +03:00 committed by Linus Groh
parent 358697a32f
commit 6cd318d784
Notes: sideshowbarker 2024-07-18 19:30:45 +09:00 
Author: https://github.com/IdanHo
Commit: https://github.com/SerenityOS/serenity/commit/6cd318d7845
Pull-request: https://github.com/SerenityOS/serenity/pull/6409
Reviewed-by: https://github.com/alimpfard
Reviewed-by: https://github.com/linusg
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Userland/Libraries/LibJS/Runtime/RegExpPrototype.cpp
View File

@ -346,7 +346,11 @@ JS_DEFINE_NATIVE_FUNCTION(RegExpPrototype::symbol_replace)
size_t result_length = length_of_array_like(global_object, result);
size_t n_captures = result_length == 0 ? 0 : result_length - 1;
auto matched = result.get(0).value_or(js_undefined());
auto matched_value = result.get(0).value_or(js_undefined());
if (vm.exception())
return {};
auto matched = matched_value.to_string(global_object);
if (vm.exception())
return {};
@ -387,7 +391,7 @@ JS_DEFINE_NATIVE_FUNCTION(RegExpPrototype::symbol_replace)
if (replace_value.is_function()) {
MarkedValueList replacer_args(vm.heap());
replacer_args.append(matched);
replacer_args.append(js_string(vm, matched));
replacer_args.append(move(captures));
replacer_args.append(Value(position));
replacer_args.append(js_string(vm, string));
@ -416,7 +420,7 @@ JS_DEFINE_NATIVE_FUNCTION(RegExpPrototype::symbol_replace)
builder.append(replacement);
accumulated_result = builder.build();
next_source_position = position + matched.as_string().string().length();
next_source_position = position + matched.length();
}
}

7
Userland/Libraries/LibJS/Tests/builtins/RegExp/RegExp.prototype.exec.js
View File

@ -148,3 +148,10 @@ test("empty character class semantics", () => {
expect(res.length).toBe(1);
expect(res[0]).toBe("x");
});
// #6409
test("undefined match result", () => {
const r = /foo/;
r.exec = () => ({});
expect(r[Symbol.replace]()).toBe("undefined");
});