Bug 37024
| Summary: | Implement value sanitization algorithms | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Kent Tamura <tkent> |
| Component: | Forms | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | abarth, ap, cmarcelo, eric, joepeck, pknight, tkent, webmaster |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | | |
| Hardware: | All | | |
| OS: | All | | |
| URL: | http://www.whatwg.org/specs/web-apps/current-work/multipage/the-input-element.html#value-sanitization-algorithm | | |
| Bug Depends on: | 43973, 57737, 59951, 61273, 62061, 76893 | | |
| Bug Blocks: | 19264 | | |
Kent Tamura
Quotes from the spec:
* text, search, tel, url, email, password
The value sanitization algorithm is as follows: Strip line breaks from the value.
* datetime
The value sanitization algorithm is as follows: If the value of the element is a valid global date and time string, then adjust the time so that the value represents the same point in time but expressed in the UTC time zone, otherwise, set it to the empty string instead.
* date
The value sanitization algorithm is as follows: If the value of the element is not a valid date string, then set it to the empty string instead.
* month
The value sanitization algorithm is as follows: If the value of the element is not a valid month string, then set it to the empty string instead.
* week
The value sanitization algorithm is as follows: If the value of the element is not a valid week string, then set it to the empty string instead.
* time
The value sanitization algorithm is as follows: If the value of the element is not a valid time string, then set it to the empty string instead.
* datetime-local
The value sanitization algorithm is as follows: If the value of the element is not a valid local date and time string, then set it to the empty string instead.
* number
The value sanitization algorithm is as follows: If the value of the element is not a valid floating point number, then set it to the empty string instead.
* range
The value sanitization algorithm is as follows: If the value of the element is not a valid floating point number, then set it to a valid floating point number that represents the default value.
* color
The value sanitization algorithm is as follows: If the value of the element is a valid simple color, then set it to the value of the element converted to ASCII lowercase; otherwise, set it to the string "#000000".
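The quoted algorithms for the text-like types, date and color, written out in JavaScript as an added example (not part of the bug report and not WebKit code). `sanitizeValue` and its helpers are hypothetical names; the date-string and simple-color validity checks follow the HTML specification's definitions, and the inputs in the comments are constructed.

```javascript
// Types whose sanitization is "strip line breaks from the value".
const TEXT_LIKE = new Set(["text", "search", "tel", "url", "email", "password"]);

// Days in a month of the proleptic Gregorian calendar.
function daysInMonth(year, month) {
  const leap = (year % 4 === 0 && year % 100 !== 0) || year % 400 === 0;
  return [31, leap ? 29 : 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31][month - 1];
}

// Valid date string: YYYY-MM-DD, year of four or more digits and greater than 0,
// with a day that exists in that month and year.
function isValidDateString(value) {
  const m = /^(\d{4,})-(\d{2})-(\d{2})$/.exec(value);
  if (!m) return false;
  const [year, month, day] = m.slice(1).map(Number);
  if (year < 1 || month < 1 || month > 12) return false;
  return day >= 1 && day <= daysInMonth(year, month);
}

// Valid simple color: "#" followed by exactly six hexadecimal digits.
function isValidSimpleColor(value) {
  return /^#[0-9a-fA-F]{6}$/.test(value);
}

// Hypothetical helper: returns the value an input of the given type would hold
// after sanitization. Only the types handled below are covered.
function sanitizeValue(type, value) {
  if (TEXT_LIKE.has(type)) return value.replace(/[\r\n]/g, ""); // strip LF and CR
  if (type === "date") return isValidDateString(value) ? value : "";
  if (type === "color") return isValidSimpleColor(value) ? value.toLowerCase() : "#000000";
  return value; // other types are not covered here
}

// Constructed inputs:
console.log(JSON.stringify(sanitizeValue("text", "\n")));       // value="<LF>" becomes empty
console.log(JSON.stringify(sanitizeValue("date", "test")));     // not a valid date string
console.log(JSON.stringify(sanitizeValue("date", "2011-02-29"))); // 2011 is not a leap year
console.log(JSON.stringify(sanitizeValue("color", "#FFAA00")));
```

A sanitizer of this shape leaves the content attribute untouched: only the element's value changes, so `getAttribute("value")` can still return the raw string.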
Joseph Pecoraro
If we add value sanitization for date types, for example:
input.type = "date";
input.value = "test";
assert(input.value === "")
Then all of the ValidityState tests for the date types will
need to be updated as well. Would there be a way for users
to get into an invalid state?
Andy Estes
<rdar://problem/9456107>
Alexey Proskuryakov
HTML5 parser relies on value sanitization for correct behavior in this case:
<input type="text" placeholder="foo" value="
">
In Safari 5, the placeholder is displayed, and that's correct per HTML5. But it doesn't work in ToT - and besides, the linefeed appears as whitespace in initial value, which users are unlikely to notice when typing.
Eric Seidel (no email)
(In reply to comment #3)
> HTML5 parser relies on value sanitization for correct behavior in this case:
>
> <input type="text" placeholder="foo" value="
> ">
>
> In Safari 5, the placeholder is displayed, and that's correct per HTML5. But it doesn't work in ToT - and besides, the linefeed appears as whitespace in initial value, which users are unlikely to notice when typing.
InputStreamPreprocessor is responsible for dealing with whitespace:
http://trac.webkit.org/browser/trunk/Source/WebCore/html/parser/HTMLTokenizer.h#L176
But it may not apply to this case. This may simply be bugs in HTMLInputElement::parseMappedAttribute.
Alexey Proskuryakov
In Firefox 4, input.value is empty in my example, while input.getAttribute("value") is LF. So if it is to be trusted, it's not the job of InputStreamPreprocessor.
Alexey Proskuryakov
Filed bug 62061 for the issue with inputs.
Eric Seidel (no email)
It seems we have most of these, but some of these elements are disabled on trunk. Curious if we still want this bug open?
Kent Tamura
It seems sanitization of type=datetime is still incorrect.
Kent Tamura
Completed.