Bug 188899 - Function evaluation with special characters as params
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: Safari 11
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
Reported: 2018-08-23 12:53 PDT by isol2
Modified: 2018-08-27 22:27 PDT

Description isol2 2018-08-23 12:53:52 PDT
Hi everyone,
I found this inconsistency in JSC when it tries to parse the HTML comment block as a param, but I don't know if this behavior is expected by other engines.
This param was generated by a fuzzer.

Version: 235121
OS: Ubuntu 16.04 x64

Steps to reproduce:
let a = Function("<!--", "print(1+1)")
a()
let b = Function("<!--", "<!--", "print(1+1)")
b()

Actual result: 
SyntaxError: Unexpected token '}'. Expected a parameter pattern or a ')' in parameter list.

Expected result:
2
2

V8, Chakra and SpiderMonkey work as expected.

cinfuzz
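
A differential probe for the two cases in the report, added here as an example and not part of the original bug report or of WebKit's test suite. It assumes a host such as Node, so `return 1+1` stands in for the jsc shell's `print(1+1)`; the helper names `assembledSource`, `probe` and `runAll` are hypothetical, and it goes slightly beyond the report by also showing the source text the ECMAScript specification assembles for the constructor.

```javascript
// Added example: differential probe for the Function constructor.
// `return 1+1` replaces the report's print(1+1), because print() is a
// jsc shell builtin and is assumed not to exist in the host used here.

// Source text the constructor is specified to assemble (ECMAScript
// CreateDynamicFunction): parameters joined with ",", then a line feed
// before ")" so a single-line comment in the parameters cannot hide it.
function assembledSource(params, body) {
  return "function anonymous(" + params.join(",") + "\n) {\n" + body + "\n}";
}

// Run one case and report either the returned value or the error type.
function probe(params, body) {
  try {
    const fn = Function(...params, body);
    return { ok: true, value: fn() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed cases: the two from the report plus a plain control.
const CASES = [
  { name: "one HTML-comment param", params: ["<!--"], body: "return 1+1" },
  { name: "two HTML-comment params", params: ["<!--", "<!--"], body: "return 1+1" },
  { name: "control, no params", params: [], body: "return 1+1" },
];

function runAll() {
  return CASES.map((c) => ({ name: c.name, ...probe(c.params, c.body) }));
}

// Print one line per case so results from different engines can be diffed.
for (const r of runAll()) {
  console.log(r.name, "=>", r.ok ? r.value : r.error);
}
```

An engine that reports `SyntaxError` for the first two cases while the control returns 2 shows the divergence described in the report.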