So the function declaration is as follows:

function shExpMatch(url, pattern) {
   pattern = pattern.replace(/\\./g, '\\\\.');
   pattern = pattern.replace(/\\*/g, '.*');
   pattern = pattern.replace(/\\?/g, '.');
   var newRe = new RegExp('^'+pattern+'$');
   return newRe.test(url);
}

Running "https://www.microsoft.com/ja-jp".replace(/\\?/g, '.'); in the console gives me:  ".h.t.t.p.s.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.j.a.-.j.p." (And running it after the second substitution is even uglier, just simpler to focus on the third).

So the last replacement is wrong.  Unclear if this is a V8 bug or a bug in the PAC code, though I'd lead towards a v8 issue, since presumably it should be replacing ?'s with .'s, as the ? is escaped.

Actually, the second one looks wrong, too..."https://www.microsoft.com/ja-jp".replace(/\\*/g, '.*'); is giving us:  ".*h.*t.*t.*p.*s.*:.*/.*/.*w.*w.*w.*..*m.*i.*c.*r.*o.*s.*o.*f.*t.*..*c.*o.*m.*/.*j.*a.*-.*j.*p.*"

We do have tests for shExpMatch, which do seem to be passing, curiously.

Oops, I forgot that the string appeared in C code...correctly unescaping it and running the js in the console, shExpMatch seems to be working as expected, and shExpMatch("https://www.microsoft.com/ja-jp", "https://www.microsoft.com/ja-jp*"); is returning true.  Hrm...

Oh, the issue here is that we no longer send full HTTPS URLs to PAC scripts - we only send the origin.  This is so that a hostile PAC script can't steal securely accessed URLs.

Since this is a privacy feature and an expected behavior, WontFixing this.   Issue 593759  caused the change in behavior.