<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[192218] releases/WebKitGTK/webkit-2.10</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/192218">192218</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2015-11-10 02:40:28 -0800 (Tue, 10 Nov 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/191626">r191626</a> - Do not sanitize user input for input[type=url]
https://bugs.webkit.org/show_bug.cgi?id=150346
<rdar://problem/23243240>
Patch by Keith Rollin <krollin@apple.com> on 2015-10-27
Reviewed by Darin Adler.
Source/WebCore:
Do not sanitize user input in text-based input fields that support
the Selection API, in order to not break JavaScript code that expects
element.value to match what's on the screen.
Test: fast/forms/input-user-input-sanitization.html
* html/TextFieldInputType.cpp:
(WebCore::TextFieldInputType::subtreeHasChanged):
LayoutTests:
Test the sanitization of text-based input fields when the user enters
text.
* fast/forms/input-user-input-sanitization-expected.txt: Added.
* fast/forms/input-user-input-sanitization.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit210LayoutTestsChangeLog">releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit210SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit210SourceWebCorehtmlHTMLInputElementcpp">releases/WebKitGTK/webkit-2.10/Source/WebCore/html/HTMLInputElement.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit210SourceWebCorehtmlTextFieldInputTypecpp">releases/WebKitGTK/webkit-2.10/Source/WebCore/html/TextFieldInputType.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit210LayoutTestsfastformsinputuserinputsanitizationexpectedtxt">releases/WebKitGTK/webkit-2.10/LayoutTests/fast/forms/input-user-input-sanitization-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit210LayoutTestsfastformsinputuserinputsanitizationhtml">releases/WebKitGTK/webkit-2.10/LayoutTests/fast/forms/input-user-input-sanitization.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit210LayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog (192217 => 192218)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog 2015-11-10 10:38:13 UTC (rev 192217)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog 2015-11-10 10:40:28 UTC (rev 192218)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2015-10-27 Keith Rollin <krollin@apple.com>
+
+ Do not sanitize user input for input[type=url]
+ https://bugs.webkit.org/show_bug.cgi?id=150346
+ <rdar://problem/23243240>
+
+ Reviewed by Darin Adler.
+
+ Test the sanitization of text-based input fields when the user enters
+ text.
+
+ * fast/forms/input-user-input-sanitization-expected.txt: Added.
+ * fast/forms/input-user-input-sanitization.html: Added.
+
</ins><span class="cx"> 2015-10-26 Zalan Bujtas <zalan@apple.com>
</span><span class="cx">
</span><span class="cx"> Floating box is misplaced after content change.
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit210LayoutTestsfastformsinputuserinputsanitizationexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.10/LayoutTests/fast/forms/input-user-input-sanitization-expected.txt (0 => 192218)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/LayoutTests/fast/forms/input-user-input-sanitization-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/fast/forms/input-user-input-sanitization-expected.txt 2015-11-10 10:40:28 UTC (rev 192218)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+Check whether or not sanitization is performed on user input in text-input elements.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS focusAndType("email", " foobar@example.com ").value is "foobar@example.com"
+PASS focusAndType("password", " foobar ").value is " foobar "
+PASS focusAndType("search", " foobar ").value is " foobar "
+PASS focusAndType("telephone", " 123-456-7890 ").value is " 123-456-7890 "
+PASS focusAndType("text", " foobar ").value is " foobar "
+PASS focusAndType("url", " https://foobar.example.com ").value is " https://foobar.example.com "
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit210LayoutTestsfastformsinputuserinputsanitizationhtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.10/LayoutTests/fast/forms/input-user-input-sanitization.html (0 => 192218)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/LayoutTests/fast/forms/input-user-input-sanitization.html (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/fast/forms/input-user-input-sanitization.html 2015-11-10 10:40:28 UTC (rev 192218)
</span><span class="lines">@@ -0,0 +1,47 @@
</span><ins>+<!DOCTYPE HTML>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+
+<body>
+
+<div id="container">
+ <input id="email" type="email">
+ <input id="password" type="password">
+ <input id="search" type="search">
+ <input id="telephone" type="telephone">
+ <input id="text" type="text">
+ <input id="url" type="url">
+</div>
+
+<script>
+function focusAndType(id, text)
+{
+ var input = document.getElementById(id);
+ input.focus();
+ for (var i = 0, len = text.length; i < len; i++) {
+ eventSender.keyDown(text[i]);
+ }
+ return input;
+}
+
+function testOne(id, text, expected)
+{
+ result = expected || text;
+ shouldBeEqualToString('focusAndType("' + id + '", "' + text + '").value', result);
+}
+
+description("Check whether or not sanitization is performed on user input in text-input elements.");
+
+testOne("email", " foobar@example.com ", "foobar@example.com");
+testOne("password", " foobar ");
+testOne("search", " foobar ");
+testOne("telephone", " 123-456-7890 ");
+testOne("text", " foobar ");
+testOne("url", " https://foobar.example.com ");
+</script>
+
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit210SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog (192217 => 192218)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog 2015-11-10 10:38:13 UTC (rev 192217)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog 2015-11-10 10:40:28 UTC (rev 192218)
</span><span class="lines">@@ -1,3 +1,20 @@
</span><ins>+2015-10-27 Keith Rollin <krollin@apple.com>
+
+ Do not sanitize user input for input[type=url]
+ https://bugs.webkit.org/show_bug.cgi?id=150346
+ <rdar://problem/23243240>
+
+ Reviewed by Darin Adler.
+
+ Do not sanitize user input in text-based input fields that support
+ the Selection API, in order to not break JavaScript code that expects
+ element.value to match what's on the screen.
+
+ Test: fast/forms/input-user-input-sanitization.html
+
+ * html/TextFieldInputType.cpp:
+ (WebCore::TextFieldInputType::subtreeHasChanged):
+
</ins><span class="cx"> 2015-10-26 Philip Chimento <philip.chimento@gmail.com>
</span><span class="cx">
</span><span class="cx"> [GTK] [Stable] Build GL texture mapper only if USE_TEXTURE_MAPPER_GL
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit210SourceWebCorehtmlHTMLInputElementcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/html/HTMLInputElement.cpp (192217 => 192218)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/Source/WebCore/html/HTMLInputElement.cpp 2015-11-10 10:38:13 UTC (rev 192217)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/html/HTMLInputElement.cpp 2015-11-10 10:40:28 UTC (rev 192218)
</span><span class="lines">@@ -1046,10 +1046,14 @@
</span><span class="cx"> ASSERT(!isFileUpload());
</span><span class="cx">
</span><span class="cx"> // Renderer and our event handler are responsible for sanitizing values.
</span><del>- ASSERT(value == sanitizeValue(value) || sanitizeValue(value).isEmpty());
</del><ins>+ // Input types that support the selection API do *not* sanitize their
+ // user input in order to retain parity between what's in the model and
+ // what's on the screen.
+ ASSERT(m_inputType->supportsSelectionAPI() || value == sanitizeValue(value) || sanitizeValue(value).isEmpty());
</ins><span class="cx">
</span><span class="cx"> // Workaround for bug where trailing \n is included in the result of textContent.
</span><del>- // The assert macro above may also be simplified to: value == constrainValue(value)
</del><ins>+ // The assert macro above may also be simplified by removing the expression
+ // that calls isEmpty.
</ins><span class="cx"> // http://bugs.webkit.org/show_bug.cgi?id=9661
</span><span class="cx"> m_valueIfDirty = value == "\n" ? emptyString() : value;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit210SourceWebCorehtmlTextFieldInputTypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/html/TextFieldInputType.cpp (192217 => 192218)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/Source/WebCore/html/TextFieldInputType.cpp 2015-11-10 10:38:13 UTC (rev 192217)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/html/TextFieldInputType.cpp 2015-11-10 10:40:28 UTC (rev 192218)
</span><span class="lines">@@ -497,8 +497,17 @@
</span><span class="cx"> // We don't need to call sanitizeUserInputValue() function here because
</span><span class="cx"> // HTMLInputElement::handleBeforeTextInsertedEvent() has already called
</span><span class="cx"> // sanitizeUserInputValue().
</span><ins>+ // ---
</ins><span class="cx"> // sanitizeValue() is needed because IME input doesn't dispatch BeforeTextInsertedEvent.
</span><del>- element().setValueFromRenderer(sanitizeValue(convertFromVisibleValue(element().innerTextValue())));
</del><ins>+ // ---
+ // Input types that support the selection API do *not* sanitize their
+ // user input in order to retain parity between what's in the model and
+ // what's on the screen. Otherwise, we retain the sanitization process for
+ // backward compatibility. https://bugs.webkit.org/show_bug.cgi?id=150346
+ String innerText = convertFromVisibleValue(element().innerTextValue());
+ if (!supportsSelectionAPI())
+ innerText = sanitizeValue(innerText);
+ element().setValueFromRenderer(innerText);
</ins><span class="cx"> element().updatePlaceholderVisibility();
</span><span class="cx"> // Recalc for :invalid change.
</span><span class="cx"> element().setNeedsStyleRecalc();
</span></span></pre>
</div>
</div>
</body>
</html>