LibRegex: Disallow unescaped quantifiers in Unicode mode

Tests/LibRegex/Regex.cpp

@@ -559,6 +559,12 @@ TEST_CASE(ECMA262_parse)
         { "[\\00]"sv, regex::Error::InvalidPattern, combine_flags(ECMAScriptFlags::Unicode, ECMAScriptFlags::BrowserExtended) },
         { "\\^\\$\\\\\\.\\*\\+\\?\\(\\)\\[\\]\\{\\}\\|\\/"sv, regex::Error::NoError, ECMAScriptFlags::Unicode },
         { "[\\^\\$\\\\\\.\\*\\+\\?\\(\\)\\[\\]\\{\\}\\|\\/]"sv, regex::Error::NoError, ECMAScriptFlags::Unicode },
+        { "]"sv, regex::Error::NoError, ECMAScriptFlags::BrowserExtended },
+        { "]"sv, regex::Error::InvalidPattern, ECMAScriptFlags::Unicode },
+        { "\\]"sv, regex::Error::NoError, ECMAScriptFlags::Unicode },
+        { "}"sv, regex::Error::NoError, ECMAScriptFlags::BrowserExtended },
+        { "}"sv, regex::Error::InvalidPattern, ECMAScriptFlags::Unicode },
+        { "\\}"sv, regex::Error::NoError, ECMAScriptFlags::Unicode },
     };
 
     for (auto& test : tests) {

Userland/Libraries/LibRegex/RegexParser.cpp

@@ -1290,6 +1290,9 @@ bool ECMA262Parser::parse_atom(ByteCode& stack, size_t& match_length_minimum, bo
     }
 
     if (match(TokenType::RightBracket) || match(TokenType::RightCurly) || match(TokenType::LeftCurly)) {
+        if (unicode)
+            return set_error(Error::InvalidPattern);
+
         if (m_should_use_browser_extended_grammar) {
             auto token = consume();
             match_length_minimum += 1;