Unicode non-character treated as whitespace
Reported by
gareth.h...@portswigger.net,
May 26 2017
|
|||||||
Issue description
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.71 Safari/537.36
Steps to reproduce the problem:
1. eval("alert"+String.fromCharCode(65534)+"(1)");
What is the expected behavior?
Illegal character exception
What went wrong?
Non-unicode character is being treated as whitespace. alert function is called.
Did this work before? N/A
Chrome version: 59.0.3071.71 Channel: beta
OS Version: OS X 10.12.3
Flash Version:
Character 65534 is not listed as a whitespace character on the es spec.
https://tc39.github.io/ecma262/#sec-white-space
,
May 30 2017
Hi @brajkumar the behaviour has nothing to do with the title. The character is being treated as whitespace the alert shouldn't be called according to the specification. Both Firefox and Chrome don't follow the specification and treat it as whitespace. I reported this to Mozilla too and they mentioned it's because of backwards compatibility that they treat this character as whitespace. See the following comment: http://searchfox.org/mozilla-central/rev/a14524a72de6f4ff738a5e784970f0730cea03d8/js/src/vm/Unicode.h#245-247 So I guess Chrome also does this for backcompat.
,
May 30 2017
Thank you for providing more feedback. Adding requester "brajkumar@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 30 2017
,
May 31 2017
As per comment #2 confirming this is not a chrome specific issue, so marking it as untriage for more updates on this issue. Thanks!
,
Jun 6 2017
,
Jun 12 2017
1, As I understand this, the reporter is correct and we are not spec compliant. 2, This is trivial to fix. (Fix + regression test in https://chromium-review.googlesource.com/530849) 3, This is yet another deliberate spec deviation for cross-browser compatibility. I'll look into web compatibility before deciding how to proceed.
,
Jun 12 2017
Firefox: Same behaviour as Chrome. --------------------- Our source comments indicate this was done for Firefox compatibility. We ensure the current behaviour via our import of the Mozilla test suite (mozilla/ecma_3/extensions/regress-368516). Observe the 'ecma_3' path segment. This looks to be based on https://bugzilla.mozilla.org/show_bug.cgi?id=368516, which is an 11-year-old issue about breakage of a then-current beta of Yahoo! Mail and .mac web galleries (Apple's then-current online thingy). This was fixed (i.e., current behaviour was introduced) in Mozilla ~10 years ago.
,
Jun 12 2017
MS Edge: Syntax error (invalid character)
,
Jun 13 2017
Web compat (per Dan's comment on the CL): - Firefox: accepts (same as Chrome) - Edge: syntax error (invalid character) - Safari: rejects it [probably also syntax error] I'd say this is low risk for the web. Dan raises the issue of potential node.js incompatibilities.
,
Jun 20 2017
I agree that with the browsers split this is likely safe to ship in Chrome. As for the Node worry, I don't think there's much to be done there: we can't add a usecounter, and I don't think we should let Node's till-now-V8-specificness hold us back from web/spec interop. TL;DR: I think this is a good change to make.
,
Jun 20 2017
Fix should appear in V8 6.1 / Chrome M61. If compatibility issues are reported, we'll likely roll this back, though. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by brajkumar@chromium.org
, May 29 2017Labels: Needs-Feedback
7.3 KB
7.3 KB View Download
6.4 KB
6.4 KB View Download