[Pkg-javascript-commits] [uglifyjs] 117/491: whitelist `unsafe` `evaluate` candidates (#2039)

[Jonas Smedegaard]

This is an automated email from the git hooks/post-receive script.

js pushed a commit to annotated tag debian/3.3.10-1
in repository uglifyjs.

commit ec095ed647691b3458ec9e65e89ff92d5151abc4
Author: Alex Lam S.L <alexlamsl at gmail.com>
Date:   Thu Jun 1 04:33:05 2017 +0800

    whitelist `unsafe` `evaluate` candidates (#2039)
    
    - all arguments may accept constant values
    - return constant value
    - free of side effects
    - available & identical across locales and runtime environments
---
 lib/compress.js           | 43 ++++++++++++++++++++++++++++++++++++++++---
 test/compress/evaluate.js |  6 ++++--
 2 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/lib/compress.js b/lib/compress.js
index a928d7b..71cffce 100644
--- a/lib/compress.js
+++ b/lib/compress.js
@@ -1665,6 +1665,44 @@ merge(Compressor.prototype, {
             }
             throw def;
         });
+        var object_fns = [
+            'constructor',
+            'toString',
+            'valueOf',
+        ];
+        var native_fns = {
+            Array: makePredicate([
+                'indexOf',
+                'join',
+                'lastIndexOf',
+                'slice',
+            ].concat(object_fns)),
+            Boolean: makePredicate(object_fns),
+            Number: makePredicate([
+                'toExponential',
+                'toFixed',
+                'toPrecision',
+            ].concat(object_fns)),
+            RegExp: makePredicate([
+                'test',
+            ].concat(object_fns)),
+            String: makePredicate([
+                'charAt',
+                'charCodeAt',
+                'concat',
+                'indexOf',
+                'italics',
+                'lastIndexOf',
+                'match',
+                'replace',
+                'search',
+                'slice',
+                'split',
+                'substr',
+                'substring',
+                'trim',
+            ].concat(object_fns)),
+        };
         def(AST_Call, function(compressor){
             var exp = this.expression;
             if (compressor.option("unsafe") && exp instanceof AST_PropAccess) {
@@ -1673,9 +1711,8 @@ merge(Compressor.prototype, {
                     key = ev(key, compressor);
                 }
                 var val = ev(exp.expression, compressor);
-                var fn = val[key];
-                if (typeof fn == "function") {
-                    return fn.apply(val, this.args.map(function(arg) {
+                if ((val && native_fns[val.constructor.name] || return_false)(key)) {
+                    return val[key].apply(val, this.args.map(function(arg) {
                         return ev(arg, compressor);
                     }));
                 }
diff --git a/test/compress/evaluate.js b/test/compress/evaluate.js
index 020d7cf..99245d0 100644
--- a/test/compress/evaluate.js
+++ b/test/compress/evaluate.js
@@ -780,13 +780,15 @@ unsafe_charAt_noop: {
     input: {
         console.log(
             s.charAt(0),
-            "string".charAt(x)
+            "string".charAt(x),
+            (typeof x).charAt()
         );
     }
     expect: {
         console.log(
             s.charAt(0),
-            "string".charAt(x)
+            "string".charAt(x),
+            (typeof x)[0]
         );
     }
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/uglifyjs.git