Reviewers: kpreid1,
Description:
The input and index properties were whitelisted on the result of exec()
calls, but not on the result of e.g. String.match, which implicitly uses
exec and returns the same kind of object.
Please review this at http://codereview.appspot.com/6816107/
Affected files:
M src/com/google/caja/es53.js
M tests/com/google/caja/parser/quasiliteral/ES53RewriterTest.java
Index: src/com/google/caja/es53.js
===================================================================
--- src/com/google/caja/es53.js (revision 5141)
+++ src/com/google/caja/es53.js (working copy)
@@ -3718,7 +3718,10 @@
function tameStringRegExp(orig) {
return markFunc(function (regexp) {
var cast = enforceMatchable(regexp);
- return orig.call(this, cast ? ('' + regexp) : regexp);
+ var result = orig.call(this, cast ? ('' + regexp) : regexp);
+ grantRead(result, 'index');
+ grantRead(result, 'input');
+ return result;
});
}
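Review bot: The two `grantRead` calls in `tameStringRegExp` run on whatever `orig` returns, but `String.prototype.match` returns `null` when nothing matches, and if this wrapper is also applied to other regexp-taking String methods (not visible in this hunk) the result may be a primitive. `grantRead` is defined outside the hunk; if it writes a marker property onto its first argument, the no-match case would throw inside the taming layer where the untamed call simply returned `null`. Guarding the grants, e.g. `if (result !== null && typeof result === 'object') { grantRead(result, 'index'); grantRead(result, 'input'); }`, keeps the whitelist limited to real match objects. The new `testRegExpProps` in ES53RewriterTest.java only exercises successful matches; a case such as `assertConsistent("'abcd'.match(/x/)");` would pin the no-match path.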
Index: tests/com/google/caja/parser/quasiliteral/ES53RewriterTest.java
===================================================================
--- tests/com/google/caja/parser/quasiliteral/ES53RewriterTest.java
(revision 5141)
+++ tests/com/google/caja/parser/quasiliteral/ES53RewriterTest.java
(working copy)
@@ -170,6 +170,12 @@
"assertEquals('' + (/(.*)/).exec(), 'undefined,undefined');");
}
+ public final void testRegExpProps() throws Exception {
+ assertConsistent("'abcd'.match(/c/).index");
+ assertConsistent("'abcd'.match(/c/).input");
+ assertConsistent("'cdbBdbsbz'.match(/d(b+)(d)/i).join('|')");
+ }
+
public final void testClosure() throws Exception {
assertConsistent(
"function f() {" +