Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 13f7de0a8f9494c5db1193a5a826553637a56fcf
https://github.com/WebKit/WebKit/commit/13f7de0a8f9494c5db1193a5a826553637a56fcf
Author: Sosuke Suzuki <[email protected]>
Date: 2026-03-04 (Wed, 04 Mar 2026)
Changed paths:
A JSTests/stress/string-replace-regexp-empty-match-advance-index.js
M Source/JavaScriptCore/runtime/StringPrototypeInlines.h
Log Message:
-----------
[JSC] String#replace should not do surrogate-aware advancement for
non-unicode regexps
https://bugs.webkit.org/show_bug.cgi?id=309146
Reviewed by Yusuke Suzuki.
Per ECMA-262 AdvanceStringIndex[1], empty-match advancement must be
exactly +1 code unit when the regexp has neither 'u' nor 'v' flag.
The C++ fast path was unconditionally skipping over surrogate pairs:
"\uD800\uDC00".replace(/(?:)/g, "X")
Spec: "X\uD800X\uDC00X" (3 matches)
JSC: "X\uD800\uDC00X" (2 matches)
The JS builtin slow path (RegExpPrototype.js) was already correct.
[1]: https://tc39.es/ecma262/#sec-advancestringindex
Test: JSTests/stress/string-replace-regexp-empty-match-advance-index.js
* JSTests/stress/string-replace-regexp-empty-match-advance-index.js: Added.
(shouldBe):
(SlowRegExp):
(shouldBe.collectOffsets):
* Source/JavaScriptCore/runtime/StringPrototypeInlines.h:
(JSC::addToRegExpSearchCache):
(JSC::replaceAllWithStringUsingRegExpSearchNoBackreferences):
(JSC::replaceAllWithStringUsingRegExpSearch):
(JSC::replaceUsingRegExpSearch):
Canonical link: https://commits.webkit.org/308626@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
