Bug 103018

Summary:

Correct input[type=number] value sanitization for user-input

Product:

WebKit

Reporter:

Kent Tamura <tkent>

Component:

Forms

Assignee:

Kent Tamura <tkent>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

dglazkov, haraken, mifenton, morrita, ojan, webkit-ews, webkit.review.bot

Priority:

Keywords:

WebExposed

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

102861

Attachments:

Description	Flags
Patch	none
Patch 2	none
Patch 3	none

Kent Tamura

Reported 2012-11-21 21:58:04 PST

1. Open a page with input[type=number] 2. Type "-1" into the number field 3. Additionally type "abc" into the number field Expected result: Because the typed string is "-1abc" and it's not a valid number, HTMLInputElement::value should have sanitized value, "". Actual result: HTMLInputElement::value is "-1". Note: Opera's behavior is the "Expected result".

Attachments
Patch (7.48 KB, patch) 2012-11-21 22:14 PST, Kent Tamura	no flags	Details Formatted Diff Diff
Patch 2 (7.49 KB, patch) 2012-11-21 22:23 PST, Kent Tamura	no flags	Details Formatted Diff Diff
Patch 3 (12.57 KB, patch) 2012-11-21 23:49 PST, Kent Tamura	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Kent Tamura

Comment 1 2012-11-21 22:14:47 PST

Created attachment 175587 [details] Patch

Early Warning System Bot

Comment 2 2012-11-21 22:22:20 PST

Comment on attachment 175587 [details] Patch Attachment 175587 [details] did not pass qt-wk2-ews (qt): Output: http://queues.webkit.org/results/14950260

Kent Tamura

Comment 3 2012-11-21 22:23:50 PST

Created attachment 175588 [details] Patch 2

Kentaro Hara

Comment 4 2012-11-21 23:06:34 PST

Comment on attachment 175588 [details] Patch 2 View in context: https://bugs.webkit.org/attachment.cgi?id=175588&action=review Looks OK. > Source/WebCore/ChangeLog:10 > + sanitization algorithm defined by the HTML standard, and Opera's You can add the link to the spec in ChangeLog.

Kent Tamura

Comment 5 2012-11-21 23:49:53 PST

Created attachment 175602 [details] Patch 3

Kent Tamura

Comment 6 2012-11-21 23:51:22 PST

Thank you for the review. I updated ChangeLog, and revised the patch because I found HTMLInputElement::isAcceptableValue and InputType::isAcceptableValue were unnecessary any more.

WebKit Review Bot

Comment 7 2012-11-22 22:01:59 PST

Comment on attachment 175602 [details] Patch 3 Attachment 175602 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/14965574 New failing tests: inspector-protocol/debugger-terminate-dedicated-worker-while-paused.html

WebKit Review Bot

Comment 8 2012-11-23 05:12:31 PST

Comment on attachment 175602 [details] Patch 3 Clearing flags on attachment: 175602 Committed r135598: <http://trac.webkit.org/changeset/135598>

WebKit Review Bot

Comment 9 2012-11-23 05:12:36 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.