Check regex syntax for pattern attribute with CheckRegexSyntax from mozjs (#28364)

Signed-off-by: Martin Robinson <mrobinson@igalia.com>
2025-06-06 16:45:39 +00:00 · 2025-01-07 02:49:59 +09:00 · 2025-01-07 02:49:59 +09:00 · 2575a0daf1
commit 2575a0daf1
parent 2885057ad7
1 changed files with 31 additions and 2 deletions
--- a/components/script/dom/htmlinputelement.rs
+++ b/components/script/dom/htmlinputelement.rs
@ -18,7 +18,7 @@ use js::jsapi::{
    NewUCRegExpObject, ObjectIsDate, RegExpFlag_Unicode, RegExpFlags,
 };
 use js::jsval::UndefinedValue;
-use js::rust::jsapi_wrapped::{ExecuteRegExpNoStatics, ObjectIsRegExp};
+use js::rust::jsapi_wrapped::{CheckRegExpSyntax, ExecuteRegExpNoStatics, ObjectIsRegExp};
 use js::rust::{HandleObject, MutableHandleObject};
 use net_traits::blob_url_store::get_blob_origin;
 use net_traits::filemanager_thread::FileManagerThreadMsg;
@ -2917,7 +2917,7 @@ fn round_halves_positive(n: f64) -> f64 {
 // https://html.spec.whatwg.org/multipage/#compiled-pattern-regular-expression
 fn compile_pattern(cx: SafeJSContext, pattern_str: &str, out_regex: MutableHandleObject) -> bool {
    // First check if pattern compiles...
-    if new_js_regex(cx, pattern_str, out_regex) {
+    if check_js_regex_syntax(cx, pattern_str) {
        // ...and if it does make pattern that matches only the entirety of string
        let pattern_str = format!("^(?:{})$", pattern_str);
        new_js_regex(cx, &pattern_str, out_regex)
@ -2926,6 +2926,35 @@ fn compile_pattern(cx: SafeJSContext, pattern_str: &str, out_regex: MutableHandl
    }
 }

+#[allow(unsafe_code)]
+/// Check if the pattern by itself is valid first, and not that it only becomes
+/// valid once we add ^(?: and )$.
+fn check_js_regex_syntax(cx: SafeJSContext, pattern: &str) -> bool {
+    let pattern: Vec<u16> = pattern.encode_utf16().collect();
+    unsafe {
+        rooted!(in(*cx) let mut exception = UndefinedValue());
+
+        let valid = CheckRegExpSyntax(
+            *cx,
+            pattern.as_ptr(),
+            pattern.len(),
+            RegExpFlags {
+                flags_: RegExpFlag_Unicode,
+            },
+            &mut exception.handle_mut(),
+        );
+
+        if !valid {
+            JS_ClearPendingException(*cx);
+            return false;
+        }
+
+        // TODO(cybai): report `exception` to devtools
+        // exception will be `undefined` if the regex is valid
+        exception.is_undefined()
+    }
+}
+
 #[allow(unsafe_code)]
 fn new_js_regex(cx: SafeJSContext, pattern: &str, mut out_regex: MutableHandleObject) -> bool {
    let pattern: Vec<u16> = pattern.encode_utf16().collect();