From 1e13c1d0b70f47aed31d7d2b28aff4a96d8f7fc2 Mon Sep 17 00:00:00 2001
From: Thomas Fuchs <thomas@fesch.at>
Date: Wed, 13 Jun 2007 20:57:19 +0000
Subject: [PATCH] Prototype: Prevent a crash in Safari 1.3 on
 String#stripScripts and String#extractScripts. Closes #8332. Allow JSON data
 to contain line breaks. Closes #8271.

---
 CHANGELOG             | 4 ++++
 src/prototype.js      | 4 ++--
 test/unit/string.html | 6 +++---
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 7519e9d..40ea1b0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 *SVN*
 
+* Prevent a crash in Safari 1.3 on String#stripScripts and String#extractScripts. Closes #8332. [grant, Tobie Langel]
+
+* Allow JSON data to contain line breaks. Closes #8271. [pijyster, Tobie Langel]
+
 * Add Hash.prototype.index which returns the first found property that has a specific value.  Closes #8528.  [Thomas Fuchs, slusarz, Mislav Marohnić]
   Examples:
     var hash = $H({a:1,b:'2'});
diff --git a/src/prototype.js b/src/prototype.js
index ab95f77..6e86083 100644
--- a/src/prototype.js
+++ b/src/prototype.js
@@ -18,8 +18,8 @@ var Prototype = {
        document.createElement('form').__proto__)
   },
 
-  ScriptFragment: '<script[^>]*>([\u0001-\uFFFF]*?)<\/script>',
-  JSONFilter: /^\/\*-secure-\s*(.*)\s*\*\/\s*$/,  
+  ScriptFragment: '<script[^>]*>([\\S\\s]*?)<\/script>',
+  JSONFilter: /^\/\*-secure-([\s\S]*)\*\/\s*$/,  
   
   emptyFunction: function() { },
   K: function(x) { return x }
diff --git a/test/unit/string.html b/test/unit/string.html
index 5a5a452..1479836 100644
--- a/test/unit/string.html
+++ b/test/unit/string.html
@@ -417,7 +417,7 @@
     }},
 
     testEvalJSON: function() {with(this) {
-      var valid = '{test: "hello world!"}';
+      var valid = '{test: \n\r"hello world!"}';
       var invalid = '{test: "hello world!"';
       var dangerous = '{});attackTarget = "attack succeeded!";({}';
       
@@ -434,9 +434,9 @@
       assertRaise('SyntaxError', function(){dangerous.evalJSON(true)});
       assertEqual("Not scared!", attackTarget);
 
-      assertEqual('hello world!', ('/*-secure-\n' + valid + '\n*/').evalJSON().test);
+      assertEqual('hello world!', ('/*-secure- \r  \n ' + valid + ' \n  */').evalJSON().test);
       var temp = Prototype.JSONFilter;
-      Prototype.JSONFilter = /^\/\*(.*)\*\/$/; // test custom delimiters.
+      Prototype.JSONFilter = /^\/\*([\s\S]*)\*\/$/; // test custom delimiters.
       assertEqual('hello world!', ('/*' + valid + '*/').evalJSON().test);
       Prototype.JSONFilter = temp;
     }}