2.1.1

Author: okuryu

index.js

@@ -188,7 +188,7 @@ module.exports = function serialize(obj, options) {
         }
 
         if (type === 'R') {
-            return "new RegExp(\"" + regexps[valueIndex].source + "\", \"" + regexps[valueIndex].flags + "\")";
+            return "new RegExp(" + serialize(regexps[valueIndex].source) + ", \"" + regexps[valueIndex].flags + "\")";
         }
 
         if (type === 'M') {

test/unit/serialize.js

@@ -285,22 +285,22 @@ describe('serialize( obj )', function () {
         });
 
         it('should serialize regexps with escaped chars', function () {
-            expect(serialize(/\..*/)).to.equal('new RegExp("\\..*", "")');
-            expect(serialize(new RegExp('\\..*'))).to.equal('new RegExp("\\..*", "")');
+            expect(serialize(/\..*/)).to.equal('new RegExp("\\\\..*", "")');
+            expect(serialize(new RegExp('\\..*'))).to.equal('new RegExp("\\\\..*", "")');
         });
 
         it('should deserialize regexps with escaped chars', function () {
             var re = eval(serialize(/\..*/));
             expect(re).to.be.a('RegExp');
-            expect(re.source).to.equal('..*');
+            expect(re.source).to.equal('\\..*');
             re = eval(serialize(new RegExp('\\..*')));
             expect(re).to.be.a('RegExp');
-            expect(re.source).to.equal('..*');
+            expect(re.source).to.equal('\\..*');
         });
 
         it('should serialize dangerous regexps', function () {
             var re = /[</script><script>alert('xss')//]/
-            expect(serialize(re)).to.be.a('string').equal('new RegExp("[<\\/script><script>alert(\'xss\')\\/\\/]", "")');
+            expect(serialize(re)).to.be.a('string').equal('new RegExp("[\\u003C\\\\\\u002Fscript\\u003E\\u003Cscript\\u003Ealert(\'xss\')\\\\\\u002F\\\\\\u002F]", "")');
         });
     });