V
VK
a fork of the thread "FAQ Topic - How can I create a Date object from
a String?"
As it has very little to do with Date and FAQ I moved it into the new
thread.
Thomas Lahn is totally correct that in JavaScript the beginning and
the end of each string literal denoted by single or double quotes. \0
escape sequence (NUL char) is neither one so it cannot denote the end
of string. The logic is clear, straight and feasible
.... yet naïve as a claim that while debugging a JavaScript program one
is exempted from electricity breakouts because ECMA 262 3rd says
nothing about electricity breakouts
NUL character (a.k.a. NUL terminator) does terminate strings. And
JavaScript core engine handles strings as NUL terminated character
array. And every NUL byte in a character array is automatically the
end of the string. This outcome was and is simply overlooked in specs,
so till now each UA producer either let it go nuts or patches it on
its own discretion.
For the practical outcome these are easy ways to creatively crash IE,
Safari (except iOS) and Opera. For the peaÑeful programming these are
such subtle cases as
http://www.remotesynthesis.com/post.cfm/Handling-Null-Characters-in-a-String
To facilitate the promised PointedEars job I am giving the test and
its behavior for 99.9% of the current desktop UA market.
<!DOCTYPE html>
<html>
<head>
<title>Demo</title>
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8">
<script>
var obj = {'f\0oo' : 'b\0ar'};
for (var x in obj) {
window.alert(''.concat(
'property name = ', x,
'\n',
'string length = ', x.length,
'\n\n',
'obj["f\0oo"] = ', obj['f\0oo']
));
}
</script>
</head>
<body>
<p>Demo</p>
</body>
</html>
Outcome:
[ Windows Vista SP2 ]
Firefox 3.6.13
property name: foo
string length: 4
obj["foo"] = bar
IE 8.0.6001
property name: f
(the rest of alert string is "swallowed" by NUL char, separate alerts
needed)
Safari 5.0.3
property name: f
(the rest of alert string is "swallowed" by NUL char, separate alerts
needed)
Google Chrome 10.0.648.127 beta
property name: f oo
string length: 4
obj["f oo"] = b ar
(NUL interpreted as BLANK SPACE ?)
Opera 11.01
property name: f
(the rest of alert string is "swallowed" by NUL char, separate alerts
needed)
Note: iOS Safari (iPhone, iPad)
property name: foo
string length: 4
obj["foo"] = bar
(so just like Firefox)
a String?"
As it has very little to do with Date and FAQ I moved it into the new
thread.
Thomas Lahn is totally correct that in JavaScript the beginning and
the end of each string literal denoted by single or double quotes. \0
escape sequence (NUL char) is neither one so it cannot denote the end
of string. The logic is clear, straight and feasible
.... yet naïve as a claim that while debugging a JavaScript program one
is exempted from electricity breakouts because ECMA 262 3rd says
nothing about electricity breakouts
NUL character (a.k.a. NUL terminator) does terminate strings. And
JavaScript core engine handles strings as NUL terminated character
array. And every NUL byte in a character array is automatically the
end of the string. This outcome was and is simply overlooked in specs,
so till now each UA producer either let it go nuts or patches it on
its own discretion.
For the practical outcome these are easy ways to creatively crash IE,
Safari (except iOS) and Opera. For the peaÑeful programming these are
such subtle cases as
http://www.remotesynthesis.com/post.cfm/Handling-Null-Characters-in-a-String
To facilitate the promised PointedEars job I am giving the test and
its behavior for 99.9% of the current desktop UA market.
<!DOCTYPE html>
<html>
<head>
<title>Demo</title>
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8">
<script>
var obj = {'f\0oo' : 'b\0ar'};
for (var x in obj) {
window.alert(''.concat(
'property name = ', x,
'\n',
'string length = ', x.length,
'\n\n',
'obj["f\0oo"] = ', obj['f\0oo']
));
}
</script>
</head>
<body>
<p>Demo</p>
</body>
</html>
Outcome:
[ Windows Vista SP2 ]
Firefox 3.6.13
property name: foo
string length: 4
obj["foo"] = bar
IE 8.0.6001
property name: f
(the rest of alert string is "swallowed" by NUL char, separate alerts
needed)
Safari 5.0.3
property name: f
(the rest of alert string is "swallowed" by NUL char, separate alerts
needed)
Google Chrome 10.0.648.127 beta
property name: f oo
string length: 4
obj["f oo"] = b ar
(NUL interpreted as BLANK SPACE ?)
Opera 11.01
property name: f
(the rest of alert string is "swallowed" by NUL char, separate alerts
needed)
Note: iOS Safari (iPhone, iPad)
property name: foo
string length: 4
obj["foo"] = bar
(so just like Firefox)