Unicode monster is back, this time eating Chrome
Monday, 15 August 2011
It appears this Unicode monster keeps chomping away at JavaScript parsers; this time it’s Chrome. There was an excellent post from jack masa about JavaScript comments. In it he describes how Chrome allows any character which ends in 2a or 2f \uxx2a+\u002f to be used as a “*” or “/”. Pretty crazy, I’m sure you’ll agree, but nice.
So I thought maybe Chrome has the same problems as Opera when parsing Unicode escapes. Of course it does.
uuuu=alert;\u\u\u\u(1)
Yuk I don’t want backslashes in my variables thanks.
So does it go deeper? Of course it does.
eval("Object.defineProperty(window,'u661',{get:function(){alert(1)}});\\u61");
Here I think the parser moves back a character and outputs the 6 twice.
Tested on 15.0.849.0 dev-m
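A filter that inspects script text before a browser sees it can flag both input shapes described above. The following is an added example, not code from the original post; the function name and finding labels are hypothetical. It assumes the ES5 rule that \u must be followed by exactly four hex digits, and it scans the whole text uniformly, so a regex literal containing a bare \u would also be reported.

```javascript
// Added example: names below are hypothetical, not from the post.
const HEX4 = /^[0-9a-fA-F]{4}$/;

function findSuspiciousEscapes(src) {
  const findings = [];
  for (let i = 0; i < src.length; i++) {
    if (src[i] === '\\') {
      if (src[i + 1] === 'u') {
        // ES5 UnicodeEscapeSequence: \u plus exactly four hex digits.
        const digits = src.slice(i + 2, i + 6);
        if (HEX4.test(digits)) {
          i += 5; // well-formed escape, skip it entirely
        } else {
          findings.push({ index: i, kind: 'malformed-unicode-escape' });
          i += 1; // skip only the 'u' so a following backslash is still seen
        }
      } else {
        i += 1; // some other escape: skip the escaped character
      }
      continue;
    }
    // Non-ASCII code unit whose low byte equals '*' (0x2a) or '/' (0x2f),
    // the characters the comment-parsing quirk treated as delimiters.
    const code = src.charCodeAt(i);
    const low = code & 0xff;
    if (code > 0xff && (low === 0x2a || low === 0x2f)) {
      findings.push({ index: i, kind: 'low-byte-star-or-slash' });
    }
  }
  return findings;
}

// Constructed samples based on the two snippets in the post.
const sample1 = 'uuuu=alert;\\u\\u\\u\\u(1)';
// What eval() receives after the string literal is unescaped:
const sample2 =
  "Object.defineProperty(window,'u661',{get:function(){alert(1)}});\\u61";

console.log(findSuspiciousEscapes(sample1));
console.log(findSuspiciousEscapes(sample2));
```
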