Bug 62061

Summary: Input value sanitization for text fields is incorrect
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: FormsAssignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED    
Severity: Normal CC: darin, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 37024, 41115    
Attachments:
Description Flags
proposed fix
darin: review+
patch for landing none

Alexey Proskuryakov
Reported 2011-06-03 15:46:29 PDT
The spec says that newlines should be stripped, not replaced with spaces. <rdar://problem/9553273>
Attachments
proposed fix (8.01 KB, patch)
2011-06-03 17:48 PDT, Alexey Proskuryakov
darin: review+
patch for landing (7.98 KB, patch)
2011-06-03 21:46 PDT, Alexey Proskuryakov
no flags
Alexey Proskuryakov
Comment 1 2011-06-03 15:46:49 PDT
HTML5 parser relies on value sanitization for correct behavior in this case: <input type="text" placeholder="foo" value=" "> In Safari 5, the placeholder is displayed, and that's correct per HTML5. But it doesn't work in ToT - and besides, the linefeed appears as whitespace in initial value, which users are unlikely to notice when typing.
Alexey Proskuryakov
Comment 2 2011-06-03 17:48:21 PDT
Created attachment 95998 [details] proposed fix
Darin Adler
Comment 3 2011-06-03 18:09:08 PDT
Comment on attachment 95998 [details] proposed fix View in context: https://bugs.webkit.org/attachment.cgi?id=95998&action=review > Source/WebCore/html/TextFieldInputType.cpp:189 > +static bool asciiLineBreakCharacters(UChar c) The name should be something more like: isASCIILineBreak
Alexey Proskuryakov
Comment 4 2011-06-03 21:46:04 PDT
I didn't really expect that would you fly, but I liked how removeCharacters(asciiLineBreakCharacters) looked. Thanks for the review!
Alexey Proskuryakov
Comment 5 2011-06-03 21:46:40 PDT
Created attachment 96006 [details] patch for landing
Alexey Proskuryakov
Comment 6 2011-06-04 00:21:20 PDT
_ that_it_would_fly_ :-/
WebKit Review Bot
Comment 7 2011-06-04 04:23:22 PDT
Comment on attachment 96006 [details] patch for landing Clearing flags on attachment: 96006 Committed r88110: <http://trac.webkit.org/changeset/88110>
WebKit Review Bot
Comment 8 2011-06-04 04:23:26 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.