Bug 62061

Summary: Input value sanitization for text fields is incorrect
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: FormsAssignee: Alexey Proskuryakov <ap>
Severity: Normal CC: darin, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 41115, 37024    
Description Flags
proposed fix
darin: review+
patch for landing none

Description Alexey Proskuryakov 2011-06-03 15:46:29 PDT
The spec says that newlines should be stripped, not replaced with spaces.

Comment 1 Alexey Proskuryakov 2011-06-03 15:46:49 PDT
HTML5 parser relies on value sanitization for correct behavior in this case:

<input type="text" placeholder="foo" value="

In Safari 5, the placeholder is displayed, and that's correct per HTML5. But it doesn't work in ToT - and besides, the linefeed appears as whitespace in initial value, which users are unlikely to notice when typing.
Comment 2 Alexey Proskuryakov 2011-06-03 17:48:21 PDT
Created attachment 95998 [details]
proposed fix
Comment 3 Darin Adler 2011-06-03 18:09:08 PDT
Comment on attachment 95998 [details]
proposed fix

View in context: https://bugs.webkit.org/attachment.cgi?id=95998&action=review

> Source/WebCore/html/TextFieldInputType.cpp:189
> +static bool asciiLineBreakCharacters(UChar c)

The name should be something more like:

Comment 4 Alexey Proskuryakov 2011-06-03 21:46:04 PDT
I didn't really expect that would you fly, but I liked how removeCharacters(asciiLineBreakCharacters) looked.

Thanks for the review!
Comment 5 Alexey Proskuryakov 2011-06-03 21:46:40 PDT
Created attachment 96006 [details]
patch for landing
Comment 6 Alexey Proskuryakov 2011-06-04 00:21:20 PDT
_ that_it_would_fly_ :-/
Comment 7 WebKit Review Bot 2011-06-04 04:23:22 PDT
Comment on attachment 96006 [details]
patch for landing

Clearing flags on attachment: 96006

Committed r88110: <http://trac.webkit.org/changeset/88110>
Comment 8 WebKit Review Bot 2011-06-04 04:23:26 PDT
All reviewed patches have been landed.  Closing bug.