[Webkit-unassigned] [Bug 150346] New: Do not sanitize user input for input[type=url]
bugzilla-daemon at webkit.org
Mon Oct 19 16:41:26 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=150346
Bug ID: 150346
Summary: Do not sanitize user input for input[type=url]
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Forms
Assignee: webkit-unassigned at lists.webkit.org
Reporter: krollin at apple.com
See Bug 148864. In addressing that bug, input[type=url] values are now sanitized when they are set. However, as Kent Tamura (tkent at chromium.org) points out:
-----
The specification and the test ask to sanitize
a) text set by |value| IDL attribute
b) text set by |value| content attribute
but not
c) text set by user.
In WebKit and Blink, InputType::sanitizeValue is called in all three cases for now.
The problem after your change is that selection API won't work well.
e.g.
we have input[type=url]. A user puts "   http://apple.com/   " (23 characters). JavaScript code runs:
var length = input.value.length; // 17 because whitespaces are stripped.
input.setSelectionRange(length, length); // Move the caret to the end
This sets the caret on "o", not the end of the value.
So, I proposed we didn't strip whitespaces for user input. input[type=email] doesn't have this issue because it doesn't support selection API.
-----
This proposal seems supported by the HTML spec, which says of input[type=url]: "The value attribute, if specified and not empty, must have a value that is a valid URL potentially surrounded by spaces that is also an absolute URL." Since text is sanitized when setting element.value or when initialized from the content attribute, the only way these potential spaces can appear is from user input.
As part of this, see also:
https://bugs.webkit.org/show_bug.cgi?id=148864
https://code.google.com/p/chromium/issues/detail?id=446108
https://www.w3.org/Bugs/Public/show_bug.cgi?id=28401
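The offset mismatch described in the quoted comment, modelled as an added example (not code from the bug report, WebKit or Blink; all function names are hypothetical). It assumes the edit buffer keeps the raw user text while `value` returns the sanitized string, and shows how a sanitized offset maps back to the raw text.

```javascript
// Added illustration; hypothetical names, not WebKit or Blink code.
const ASCII_WS = "\t\n\f\r ";

// HTML value sanitization for input[type=url]: strip newlines,
// then strip leading and trailing ASCII whitespace.
function sanitizeUrlValue(raw) {
  return raw
    .replace(/[\r\n]/g, "")
    .replace(/^[\t\n\f\r ]+|[\t\n\f\r ]+$/g, "");
}

// Selection offsets index into the raw text the user typed, so an
// offset computed from the sanitized value lands on the wrong character.
function describeCaret(raw, offset) {
  const clamped = Math.min(Math.max(offset, 0), raw.length);
  return { offset: clamped, nextChar: raw[clamped] ?? null };
}

// Map an offset in the sanitized value to the matching raw offset.
function toRawOffset(raw, sanitizedOffset) {
  const kept = []; // raw indices that survive newline stripping
  for (let i = 0; i < raw.length; i++) {
    if (raw[i] !== "\r" && raw[i] !== "\n") kept.push(i);
  }
  let lead = 0; // count of leading whitespace characters that get stripped
  while (lead < kept.length && ASCII_WS.includes(raw[kept[lead]])) lead++;
  const len = sanitizeUrlValue(raw).length;
  const k = Math.min(Math.max(sanitizedOffset, 0), len);
  if (k === 0) return lead < kept.length ? kept[lead] : raw.length;
  return kept[lead + k - 1] + 1; // just after the k-th sanitized character
}

// Constructed sample matching the report: 3 spaces + 17-char URL + 3 spaces.
const RAW = "   http://apple.com/   ";

function demo() {
  const length = sanitizeUrlValue(RAW).length;      // what input.value.length reports
  return {
    rawLength: RAW.length,
    sanitizedLength: length,
    naiveCaret: describeCaret(RAW, length),          // caret from the naive script
    correctedOffset: toRawOffset(RAW, length),       // offset just after the URL
  };
}

console.log(demo());
```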