There are many places in the codebase that call our implementation of https://tc39.es/ecma262/#sec-parse-script
- FuzzilJs.cpp
- FuzzJs.cpp
- js_repl.cpp (WASM runtime)
- test-bytecode-js.cpp
- Spreadsheet.cpp
- $262Object.cpp
- JavaScriptTestRunner.h
- DOM/Document.cpp
- HTML/Scripting/ClassicScript.cpp
- js.cpp
Approximately zero of these places validate that the input is valid UTF-8.
However, the ECMA262 spec says that the "source text" of ParseScript ( sourceText, realm, hostDefined ) must be ECMAScript Source Text (https://tc39.es/ecma262/#sec-source-text), which is mandated to be valid UTF-8.
So onto the question: Whose job is it to mandate that the script you're passing to ParseScript be UTF-8? The caller? Or can the algorithm look at the input and say "ew, that's not UTF-8, here's a parse error".
Certanitly we shouldn't VERIFY() and crash in a String::from_deprecated_string(source_text).release_value_but_fixme_should_propagate_errors in ParseText(sourceText, Script), like we currently do...
How does funding with Polar work?
Pay now to fund the work behind this issue.
Get updates on progress being made.
Maintainer is rewarded once the issue is completed.
Backer
You're funding impactful open source efforts
Contributor
You want to contribute to this effort
Maintainer
You want to get funding like this too