RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 07:47:35 +00:00
Code Issues Activity Actions

LibJS: Detect invalid unicode and stop lexing at that point

Browse source 
Previously we might swallow invalid unicode point which would skip valid
ascii characters. This could be dangerous as we might skip a '"' thus
not closing a string where we should.
This might have been exploitable as it would not have been clear what
code gets executed when looking at a script.

Another approach to this would be simply replacing all invalid
characters with the replacement character (this is what v8 does). But
our lexer and parser are currently not set up for such a change.
This commit is contained in:
davidot 2021-12-29 11:55:06 +01:00 committed by Linus Groh
parent b1e022908d
commit 56c425eec1
3 changed files with 145 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Lexer.h
View file

@ -77,6 +77,8 @@ private:
bool m_allow_html_comments { true };
Optional<size_t> m_hit_invalid_unicode;
static HashMap<FlyString, TokenType> s_keywords;
static HashMap<String, TokenType> s_three_char_tokens;
static HashMap<String, TokenType> s_two_char_tokens;