Unicode monster is back this time eating chrome

Monday, 15 August 2011

It appears this unicode monster keeps chomping away at JavaScript parsers, this time it’s chrome. There was an excellent post from jack masa about JavaScript comments. In it he describes how chrome allows any character which ends in 2a or 2f \uxx2a+\u002f to be used as a “*” or “/”. Pretty crazy I’m sure you’ll agree but nice.

So I thought maybe Chrome has the same problems as Opera when parsing unicode escapes. Of course it does.

uuuu=alert;\u\u\u\u(1)

Yuk I don’t want backslashes in my variables thanks.

So does it go deeper? Of course it does.

eval("Object.defineProperty(window,'u661',{get:function(){alert(1)}});\\u61");

Here I think the parser moves back a character and outputs the 6 twice.

Tested on 15.0.849.0 dev-m

The entry 'Unicode monster is back this time eating chrome' was posted on August 15th, 2011 at 10:28 am and is filed under javascript, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed :( too much spam. If you want to contact me about any article please email or tweet me.

M	T	W	T	F	S	S
« Jul				Sep »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

Unicode monster is back this time eating chrome

Inspiration

Recent Comments