[Webkit-unassigned] [Bug 59951] Implement Date and Time Input Value Sanitization

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jun 2 10:36:13 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=59951





--- Comment #12 from Joseph Pecoraro <joepeck at webkit.org>  2011-06-02 10:36:13 PST ---
(In reply to comment #11)
> (From update of attachment 91997 [details])
> I'm surprised we don't auto-detect sanitization in the tests by just checking
> what the JS object returns after we set it.  Or maybe that wouldn't work.

Unless I'm misunderstanding you, I think that is what we do. If we expect the
value to be sanitized, we expect its value to be the empty string after we set it:

  - PASS The value "foo" doesn't underflow the minimum value "2011-W01".
  + PASS The value "" sanitized from "foo" doesn't underflow the minimum value "2011-W01".

Before this change, date inputs were treated like text fields, and you could
set inputElem.value to a bad value and that would be allowed. Web content
could detect that with inputElem.validity. After this change, that would
not be allowed, and you get:

  inputElem.value = "bad";
  inputElem.value === ""; // true

However, because right now there are no UIs to manage putting valid date
strings into input fields, we feel this change shouldn't land. If it landed we
would be requiring users to type in absolutely valid strings, otherwise it
would sanitize out their bad input.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list