Quotes from the spec: * text, search, tel, url, email, password The value sanitization algorithm is as follows: Strip line breaks from the value. * datetime The value sanitization algorithm is as follows: If the value of the element is a valid global date and time string, then adjust the time so that the value represents the same point in time but expressed in the UTC time zone, otherwise, set it to the empty string instead. * date The value sanitization algorithm is as follows: If the value of the element is not a valid date string, then set it to the empty string instead. * month The value sanitization algorithm is as follows: If the value of the element is not a valid month string, then set it to the empty string instead. * week The value sanitization algorithm is as follows: If the value of the element is not a valid week string, then set it to the empty string instead. * time The value sanitization algorithm is as follows: If the value of the element is not a valid time string, then set it to the empty string instead. * datetime-local The value sanitization algorithm is as follows: If the value of the element is not a valid local date and time string, then set it to the empty string instead. * number The value sanitization algorithm is as follows: If the value of the element is not a valid floating point number, then set it to the empty string instead. * range The value sanitization algorithm is as follows: If the value of the element is not a valid floating point number, then set it to a valid floating point number that represents the default value. * color The value sanitization algorithm is as follows: If the value of the element is a valid simple color, then set it to the value of the element converted to ASCII lowercase; otherwise, set it to the string "#000000".
If we add value sanitization for date types, for example: input.type = "date"; input.value = "test"; assert(input.value === "") Then all of the ValidityState tests for the date types will need to be updated as well. Would there a way for users to get into an invalid state?
<rdar://problem/9456107>
HTML5 parser relies on value sanitization for correct behavior in this case: <input type="text" placeholder="foo" value=" "> In Safari 5, the placeholder is displayed, and that's correct per HTML5. But it doesn't work in ToT - and besides, the linefeed appears as whitespace in initial value, which users are unlikely to notice when typing.
(In reply to comment #3) > HTML5 parser relies on value sanitization for correct behavior in this case: > > <input type="text" placeholder="foo" value=" > "> > > In Safari 5, the placeholder is displayed, and that's correct per HTML5. But it doesn't work in ToT - and besides, the linefeed appears as whitespace in initial value, which users are unlikely to notice when typing. InputStreamPreprocessor is responsible for dealing with whitespace: http://trac.webkit.org/browser/trunk/Source/WebCore/html/parser/HTMLTokenizer.h#L176 But may not apply to this case. This may simply be bugs in HTMLInputElement::parseMappedAttribute
In Firefox 4, input.value is empty in my example, while input.getAttribute("value") is LF. So if it is to be trusted, it's not the job of InputStreamPreprocessor.
Filed bug 62061 for the issue with inputs.
It seems we have most of these, but some of these elements are disabled on trunk. Curious if we still want this bug open?
It seems sanitization of type=datetime is still incorrect.
Completed.