Ruby on Rails | Screencasts | Download | Documentation | Weblog | Community | Source

Ticket #8332 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

The regular expression makes Safari crash

Reported by: hwat Assigned to: sam
Priority: normal Milestone: 1.x
Component: Prototype Version: edge
Severity: major Keywords: Safari Crash ScriptFragment RegExp
Cc: Tobie

Description

The Safari (version 1.3.2 - on Mac OS X v10.3.9) easily crashes by the following code in prototype.js (version 1.5.1) because there is a problem in the engine of the regular expression.

prototype.js version 1.5.1 line 27: 

  ScriptFragment: '<script[^>]*>([\u0001-\uFFFF]*?)</script>',

By the way, it doesn't crash in the previous version 1.5.0: 

  ScriptFragment: '(?:<script.*?>)((\n|\r|.)*?)(?:<\/script>)',

Regards,

Attachments

scriptfragment-no-unicode.diff (454 bytes) - added by grant on 05/25/07 15:17:33.
Replaced Unicode range with another any-character character class.

Change History

05/11/07 19:20:51 changed by Tobie

  • cc set to Tobie.

The expression was changed specifically to avoid Safari crashes.

Could you please provide a test case where the new expression crashes ?

Thank you.

05/11/07 22:01:37 changed by hwat

Thank you for reply.

First of all, I had be trying Element.update() like this: 

<html><head><title>case: Element.update()</title>
<script type="text/javascript" src="prototype-1.5.1.js">
</script>
<script type="text/javascript">

  Event.observe(window,'load',function(){
    $('container').update('It does not crash if you can see.');
  });

</script>
</head><body>

  <p id="container">
    Element.update() replace here.
  </p>

</body></html>

Then because I had seen the crash, so I investigated the cause.

Element.update() uses Element.stripScripts(), and Element.stripScripts() uses a variable 'Prototype.ScriptFragment'.

In a word, I have found that Safari always crashes whenever it uses the RegExp. 

<html><head><title>test case</title>
<script type="text/javascript">

  var ScriptFragment = '<script[^>]*>([\u0001-\uFFFF]*?)</'+'script>';
  new RegExp(ScriptFragment, ''); // Safari runs into crash...

</script>
</head><body></body></html>

Sorry for my poor English.

Thanks,

05/24/07 16:33:09 changed by grant

Unicode ranges were fixed in Safari 2.0.2. Safari 1.3.2 is the newest version available for users of OS X 10.3. It doesn't work in 10.4, but you can use Safari 2.0 from Multi-Safari.

05/25/07 15:17:33 changed by grant

  • attachment scriptfragment-no-unicode.diff added.

Replaced Unicode range with another any-character character class.

06/13/07 20:57:24 changed by madrobby

  • status changed from new to closed.
  • resolution set to fixed.

(In [7014]) Prototype: Prevent a crash in Safari 1.3 on String#stripScripts and String#extractScripts. Closes #8332. Allow JSON data to contain line breaks. Closes #8271.