Updates:
Status: Accepted
Owner: [email protected]
Labels: -Priority-Critical -Restrict-View-Commit Priority-Medium
Comment #7 on issue 1393 by [email protected]: Last RegExp input can be
accessed from anywhere
http://code.google.com/p/v8/issues/detail?id=1393
You are not alone in seeing this as a problem. :)
There is currently a movement towards changing this behavior (passing the
last regexp input to test and exec, if they are called without an explicit
input). I believe both Safari and Firefox are trying out the behavior that
the ECMAScript specification requires in their nightlies, to see if it will
break pages, but neither has put it into a stable browser yet. I have not
checked the current status of their bug tracking entries recently.
We have a patch waiting in case they decide to go live with the change.
See also the Chromium issue
http://code.google.com/p/chromium/issues/detail?id=75740
(but let's keep this bug open, so it's also tracked in the v8 bug-tracker)
I am not aware of any attempt to stop access to RegExp.input (although it
would be reasonable), but a secure environment would probably have to
prevent direct access to the RegExp constructor completely (just as access
to Function and eval would probably be prevented).
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
