[Webkit-unassigned] [Bug 150346] New: Do not sanitize user input for input[type=url]

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 19 16:41:26 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=150346

            Bug ID: 150346
           Summary: Do not sanitize user input for input[type=url]
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Forms
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: krollin at apple.com

See Bug 148864. In addressing that bug, input[type=url] values are now sanitized when they are set. However, as Kent Tamura (tkent at chromium.org) points out:

-----
The specification and the test ask to sanitize
 a) text set by |value| IDL attribute
 b) text set by |value| content attribute

but not 
 c) text set by user.

In WebKit and Blink, InputType::sanitizeValue is called in all three cases for now.

The problem after your change is that selection API won't work well.
e.g.
  we have input[type=url].  A user puts "   http://apple.com/   " (23 characters).  JavaScript code runs:

  var length = input.value.length;  // 17 because whitespaces are stripped.
  input.setSelectionRange(length, length);  // Move the caret at the end

This sets the caret on "o", not the end of the value.

So, I proposed that we not strip whitespace for user input.  input[type=email] doesn't have this issue because it doesn't support the selection API.
-----

This proposal seems supported by the HTML spec, which says of input[type=url]: "The value attribute, if specified and not empty, must have a value that is a valid URL potentially surrounded by spaces that is also an absolute URL." Since text is sanitized when setting element.value or when initialized from the content attribute, the only way these potential spaces can appear is from user input.

As part of this, see also:

https://bugs.webkit.org/show_bug.cgi?id=148864
https://code.google.com/p/chromium/issues/detail?id=446108
https://www.w3.org/Bugs/Public/show_bug.cgi?id=28401
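The offset mismatch Kent describes, as an added example (not WebKit or Blink code, and not from the bug report): a small JavaScript model of input[type=url] with the three ways text can arrive (value IDL attribute, value content attribute, user typing), run once with user input sanitized and once without. The class, its method names, and the constructed 23-character input are assumptions for the demo; sanitizeUrlValue implements the spec's value sanitization for type=url (strip newlines, then leading and trailing ASCII whitespace).

```javascript
'use strict';

// Value sanitization algorithm for input[type=url] as the HTML spec states it:
// strip newlines, then strip leading and trailing ASCII whitespace.
// Deliberately not String.prototype.trim(), which also strips Unicode spaces.
function sanitizeUrlValue(s) {
  return String(s)
    .replace(/[\r\n]/g, '')
    .replace(/^[\t\f ]+|[\t\f ]+$/g, '');
}

// Hypothetical model of the element (names are assumptions, not WebKit's).
// `editorText` stands for the inner editable text that the selection API
// indexes into; `value` is what script reads back.
class UrlInputModel {
  constructor({ sanitizeUserInput }) {
    // true = sanitizeValue applied to user-typed text as well (the reported state)
    this.sanitizeUserInput = sanitizeUserInput;
    this.editorText = '';
    this.caret = 0;
  }

  // (a) value IDL attribute: sanitized, and the editor is reset to the result.
  set value(v) {
    this.editorText = sanitizeUrlValue(v);
    this.caret = this.editorText.length;
  }

  // (b) value content attribute: same path as (a) for the initial value.
  setAttribute(name, v) {
    if (name !== 'value') throw new Error('demo only models the value attribute');
    this.value = v;
  }

  // (c) text typed by the user lands in the editor exactly as typed.
  userTypes(s) {
    this.editorText = s;
    this.caret = s.length;
  }

  // What script reads back. Sanitizing here for user-typed text is the problem:
  // the editor still holds the untrimmed text, so offsets no longer agree.
  get value() {
    return this.sanitizeUserInput ? sanitizeUrlValue(this.editorText) : this.editorText;
  }

  // Offsets are interpreted against the editor text, as in a real element.
  // Only a collapsed selection (the caret) is tracked in this model.
  setSelectionRange(_start, end) {
    const n = this.editorText.length;
    this.caret = Math.max(0, Math.min(end, n));
  }

  get selectionStart() { return this.caret; }
}

// The script from the report: move the caret to the end of the value.
function moveCaretToEnd(input) {
  const length = input.value.length;
  input.setSelectionRange(length, length);
  return {
    valueLength: length,
    caret: input.selectionStart,
    atEnd: input.selectionStart === input.editorText.length,
    charAtCaret: input.editorText[input.selectionStart] ?? '',
  };
}

// The report's scenario with a constructed 23-character user input.
function runScenario(sanitizeUserInput) {
  const input = new UrlInputModel({ sanitizeUserInput });
  input.userTypes('   http://apple.com/   ');
  return moveCaretToEnd(input);
}

// Setting the value from script is sanitized under both policies, and the
// caret logic stays consistent because the editor text was rewritten too.
function runScriptSetScenario(sanitizeUserInput) {
  const input = new UrlInputModel({ sanitizeUserInput });
  input.value = '  http://apple.com/ \n';
  return moveCaretToEnd(input);
}

console.log('sanitize user input:', runScenario(true));   // caret 17, on "o"
console.log('leave user input:   ', runScenario(false));  // caret 23, at end
console.log('set from script:    ', runScriptSetScenario(true));
```

With user input sanitized, value.length is 17 while the editor holds 23 characters, so setSelectionRange(17, 17) lands before the "o" of "com" rather than at the end; with the proposed behaviour both lengths are 23 and the caret ends up where the script intended. The script-set path is unaffected either way because sanitization rewrites the editor text along with the value.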
