Revision: 5142
Author: metaweta
Date: Thu Nov 8 11:47:38 2012
Log: Whitelists index and input on regexp matches in ES53. Fixes 1586.
http://codereview.appspot.com/6816107
The input and index properties were whitelisted on the result of exec()
calls, but not on e.g. String.match, which implicitly uses exec and returns
the same kind of object.
[email protected]
http://code.google.com/p/google-caja/source/detail?r=5142
Modified:
/trunk/src/com/google/caja/es53.js
/trunk/tests/com/google/caja/parser/quasiliteral/ES53RewriterTest.java
=======================================
--- /trunk/src/com/google/caja/es53.js Wed Sep 26 17:56:36 2012
+++ /trunk/src/com/google/caja/es53.js Thu Nov 8 11:47:38 2012
@@ -3718,7 +3718,12 @@
function tameStringRegExp(orig) {
return markFunc(function (regexp) {
var cast = enforceMatchable(regexp);
- return orig.call(this, cast ? ('' + regexp) : regexp);
+ var result = orig.call(this, cast ? ('' + regexp) : regexp);
+ if (result !== null) {
+ grantRead(result, 'index');
+ grantRead(result, 'input');
+ }
+ return result;
});
}
=======================================
--- /trunk/tests/com/google/caja/parser/quasiliteral/ES53RewriterTest.java
Tue Sep 25 14:01:03 2012
+++ /trunk/tests/com/google/caja/parser/quasiliteral/ES53RewriterTest.java
Thu Nov 8 11:47:38 2012
@@ -169,6 +169,13 @@
rewriteAndExecute(
"assertEquals('' + (/(.*)/).exec(), 'undefined,undefined');");
}
+
+ public final void testRegExpProps() throws Exception {
+ assertConsistent("'abcd'.match(/c/).index");
+ assertConsistent("'abcd'.match(/c/).input");
+ assertConsistent("'cdbBdbsbz'.match(/d(b+)(d)/i).join('|')");
+ assertConsistent("'should not match'.match(/z/);");
+ }
public final void testClosure() throws Exception {
assertConsistent(
