Reject noctals in strings in strict mode

shapesecurity / shift-parser-js

ECMAScript parser that produces a Shift format AST

http://shift-ast.org/parser.html

Apache License 2.0

248 stars 28 forks source link

Closed bakkot closed 6 years ago

bakkot commented 7 years ago

(function(){'use strict'; '\08'})

but the only strict-mode production allowing '\0' is EscapeSequence :: 0 [lookahead ∉ DecimalDigit], which ought to forbid it.

We correctly forbid 08 as a number literal in strict code; this is just about strings.

bakkot commented 7 years ago

Noctal escapes should also be rejected in template literals.