semicolon insertion for UseSubsetDirectives

Mike Samuel mikesamuel at
Wed Oct 29 17:57:29 PDT 2008

How does the following program parse in the presence of ES3.1

"use strict"
+ new Foo()

Does semicolon insertion work after UseSubsetDirectives?  Even if the next
token is an operator that can validly follow a string literal in that

Does it matter that the Foo instance's valueOf would be invoked with a type
hint of undefined under ES3, but with a type hint of 'number' under ES3.1?

In another weird case:

"use strict"
/foo,'/* blah()  /**/ //'

In ES3, this is the same as
  ("use strict" / foo), "\x27\x2a blah\x28\x29  \x27\x2a\x2a\x27 \x27\x27"
but if a semicolon is inserted without regards for the following token being
an operator, the / starts a regexp, so it becomes the same as
  "use strict";
  (/foo , \x22/) * blah();

I think the difference in behavior in the first case is ignorable, but the
significant change in AST produced in the second provides a lot of
opportunity for security breaches.
Disallowing semicolon insertion after a UseSubsetDirective, so that the
tokenization is the same would solve that, and I think lint tools and
interpreter warnings can advise when a string token that looks like a use
subset is being ignored because a semicolon is lacking.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Es-discuss mailing list