[regexp] Create property on result for each named capture

src/regexp/regexp-parser.cc

Index: src/regexp/regexp-parser.cc
diff --git a/src/regexp/regexp-parser.cc b/src/regexp/regexp-parser.cc
index 3621f7d96e4fbf4634b7a214d7beb5defa019eae..ebaccc5588c335ca17e1b9df0003146a42f2ecdf 100644
--- a/src/regexp/regexp-parser.cc
+++ b/src/regexp/regexp-parser.cc
@@ -770,6 +770,15 @@ bool RegExpParser::CreateNamedCaptureAtIndex(const ZoneVector<uc16>* name,
   DCHECK(0 < index && index <= captures_started_);
   DCHECK_NOT_NULL(name);
 
+  // Disallow captures named '__proto__'.
+  static const char16_t proto_string[] = u"__proto__";

[Dan Ehrenberg, 2017/01/20 18:23:46]

Sorry I didn't post this comment earlier, but: If adding the properties is
changed from Set to Define I'm not convinced we need to blacklist __proto__.
Instead, if you have a group named __proto__, it would simply create an own
property named __proto__ and not actually change the underlying [[Prototype]].

+  if (name->size() == arraysize(proto_string) - 1) {
+    if (std::equal(name->begin(), name->end(), &proto_string[0])) {
+      ReportError(CStrVector("Illegal capture group name"));
+      return false;
+    }
+  }
+
   if (named_captures_ == nullptr) {
     named_captures_ = new (zone()) ZoneList<RegExpCapture*>(1, zone());
   } else {