Bug 88685

Summary: REGRESSION(r106388): Form hidden element values being restored incorrectly for dynamically generated content
Product: WebKit Reporter: Darth <priyajeet.hora>
Component: FormsAssignee: Kent Tamura <tkent>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, jonlee, morrita, priyajeet.hora, tkent, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on: 89539    
Bug Blocks: 23346    
Attachments:
Description Flags
testcase
none
form submit action file
none
Patch none

Darth
Reported 2012-06-08 13:40:34 PDT
Created attachment 146641 [details] testcase Upstream bug: http://code.google.com/p/chromium/issues/detail?id=131645 As mentioned in the above bug, regression likely caused by http://trac.webkit.org/changeset/106388 Copying from the above bug: index.html (attached): <html> <body> <form method="POST" action="index2.html" > <input type="hidden" id="one" name="one" value="one" /> <input type="submit" value="submit" /> </form> </body> </html> index2.html (attached): just an empty file, does nothing. Steps: 1] Open index.html in the browser, inspect the form and you will see the above structure. 2] Submit the form and remain on this index2 page. 3] In an editor, edit the index.html file as follows to simulate a server side change of dynamic content <html> <body> <form method="POST" action="index2.html" > <input type="hidden" id="one" name="one" value="two" /> <input type="submit" value="submit" /> </form> </body> </html> Notice how I re-used the name and id, but the value is changed by the server 4] Press the browser back button 5] inspect the form again in web inspector as well as the response in the network tab What is the expected result? <input type="hidden" id="one" name="one" value="two" /> What happens instead? <input type="hidden" id="one" name="one" value="one" /> 6] Try the same in Chrome 18 or with autocomplete=off in the form and it works as expected
Attachments
testcase (182 bytes, text/html)
2012-06-08 13:40 PDT, Darth 		no flags
Details
form submit action file (32 bytes, text/html)
2012-06-08 13:41 PDT, Darth 		no flags
Details
Patch (6.20 KB, patch)
2012-06-20 22:03 PDT, Kent Tamura 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Darth
Comment 1 2012-06-08 13:41:34 PDT
Created attachment 146643 [details] form submit action file
Kent Tamura
Comment 2 2012-06-20 21:59:29 PDT
https://bugs.webkit.org/show_bug.cgi?id=77391#c13 > I think the second one (saving hidden values updated after HTMLInputElement::finishParsingChildren()) is the safest for Bug 88685.
Kent Tamura
Comment 3 2012-06-20 22:03:33 PDT
Created attachment 148728 [details] Patch
Hajime Morrita
Comment 4 2012-06-28 22:34:53 PDT
Comment on attachment 148728 [details] Patch Why is this only for hidden?
Kent Tamura
Comment 5 2012-06-28 22:40:28 PDT
(In reply to comment #4) > Why is this only for hidden? We can detect whether the value is updated or not for other types because the current value is separately stored in other types. However the hidden type doesn't have such separated value. http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#dom-input-value-value Many types behave as "value" mode, and the hidden type behaves as "default".
WebKit Review Bot
Comment 6 2012-06-28 23:12:38 PDT
Comment on attachment 148728 [details] Patch Clearing flags on attachment: 148728 Committed r121519: <http://trac.webkit.org/changeset/121519>
WebKit Review Bot
Comment 7 2012-06-28 23:12:43 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.