Reviewers: rossberg,
Description:
[es6] Fix String.prototype.normalize to properly validate argument
BUG=v8:4302
LOG=n
Please review this at https://codereview.chromium.org/1237873003/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+11, -3 lines):
M src/i18n.js
M src/string.js
M test/mjsunit/string-normalize.js
Index: src/i18n.js
diff --git a/src/i18n.js b/src/i18n.js
index
79e988062e9425d052830d8b157089702a6bd83d..a4556c75637006135575d9f0849f75e1cdc8edd1
100644
--- a/src/i18n.js
+++ b/src/i18n.js
@@ -1989,14 +1989,14 @@
OverrideFunction(GlobalString.prototype, 'localeCompare', function(that) {
* If the form is not one of "NFC", "NFD", "NFKC", or "NFKD", then throw
* a RangeError Exception.
*/
-OverrideFunction(GlobalString.prototype, 'normalize', function(that) {
+OverrideFunction(GlobalString.prototype, 'normalize', function(form) {
if (%_IsConstructCall()) {
throw MakeTypeError(kOrdinaryFunctionCalledAsConstructor);
}
CHECK_OBJECT_COERCIBLE(this, "String.prototype.normalize");
- var form = GlobalString(%_Arguments(0) || 'NFC');
+ form = IS_UNDEFINED(form) ? 'NFC' : form;
var NORMALIZATION_FORMS = ['NFC', 'NFD', 'NFKC', 'NFKD'];
Index: src/string.js
diff --git a/src/string.js b/src/string.js
index
3ddd6d26cedfd9e49a5e624e071f0caeb005fba7..f3d9ce34ec5e18445f0d181f4729d80aacec3247
100644
--- a/src/string.js
+++ b/src/string.js
@@ -192,7 +192,7 @@ function StringMatchJS(regexp) {
function StringNormalizeJS(form) {
CHECK_OBJECT_COERCIBLE(this, "String.prototype.normalize");
- var form = form ? TO_STRING_INLINE(form) : 'NFC';
+ var form = IS_UNDEFINED(form) ? 'NFC' : TO_STRING_INLINE(form);
var NORMALIZATION_FORMS = ['NFC', 'NFD', 'NFKC', 'NFKD'];
var normalizationForm =
Index: test/mjsunit/string-normalize.js
diff --git a/test/mjsunit/string-normalize.js
b/test/mjsunit/string-normalize.js
index
f88f193a091fbab46d15685cf10ea755a7f501fd..d8ae74d4eaf12c49409299cef14d56032697f330
100644
--- a/test/mjsunit/string-normalize.js
+++ b/test/mjsunit/string-normalize.js
@@ -9,3 +9,11 @@ assertEquals('', ''.normalize());
assertThrows(function() { ''.normalize('invalid'); }, RangeError);
assertTrue(delete Array.prototype.join);
assertThrows(function() { ''.normalize('invalid'); }, RangeError);
+
+// All of these toString to an invalid form argument.
+assertThrows(function() { ''.normalize(null) }, RangeError);
+assertThrows(function() { ''.normalize(true) }, RangeError);
+assertThrows(function() { ''.normalize(false) }, RangeError);
+assertThrows(function() { ''.normalize(42) }, RangeError);
+assertThrows(function() { ''.normalize({}) }, RangeError);
+assertThrows(function() { ''.normalize([]) }, RangeError);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
