Context Navigation

Changeset 88110 in webkit

Timestamp:

Jun 4, 2011, 4:23:09 AM (14 years ago)

Author:

ap@apple.com

Message:

2011-06-04 Alexey Proskuryakov <ap@apple.com>

Reviewed by Darin Adler.

Input value sanitization for text fields is incorrect
https://bugs.webkit.org/show_bug.cgi?id=62061
<rdar://problem/9553273>

2011-06-04 Alexey Proskuryakov <ap@apple.com>

Reviewed by Darin Adler.

Input value sanitization for text fields is incorrect
https://bugs.webkit.org/show_bug.cgi?id=62061
<rdar://problem/9553273>

Newline characters should be removed according to HTML5, not replaced with spaces.
This also matches Safari 5 behavior.

html/TextFieldInputType.cpp: (WebCore::isASCIILineBreak): A functor for removeCharacters(). (WebCore::limitLength): Do one thing at once. (WebCore::TextFieldInputType::sanitizeValue): Sanitization removes newlines. (WebCore::TextFieldInputType::handleBeforeTextInsertedEvent): Moved (somewhat surprising) code that replaces newlines with spaces here.

Location:

trunk

Files:

-              r88104
+              r88110
+-06-04  Alexey Proskuryakov  <ap@apple.com>
+        Reviewed by Darin Adler.
+        Input value sanitization for text fields is incorrect
+        https://bugs.webkit.org/show_bug.cgi?id=62061
+        <rdar://problem/9553273>
+        * fast/forms/input-value-sanitization-expected.txt:
+        * fast/forms/input-value-sanitization.html:
+        * fast/forms/paste-multiline-text-input.html:
+        * fast/forms/script-tests/input-value-sanitization.js: Removed.
 -06-04  Jeffrey Pfau  <jpfau@apple.com>

-              r82801
+              r88110
 Tests for value sanitization algorithm.
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
 …
 Text:
 PASS input.value is "   foo bar   "
 PASS document.getSelection().toString() is "   foo bar   "
+PASS input.value is " foo bar "
+PASS document.getSelection().toString() is " foo bar "
 PASS successfullyParsed is true

-              r63876
+              r88110
 </head>
 <body>
 <p id="description"></p>
+<p>Tests for value sanitization algorithm.</p>
 <div id="console"></div>
+<script src="script-tests/input-value-sanitization.js"></script>
+<script>
+var input;
+debug('');
+debug('Number:');
+input = document.createElement('input');
+input.setAttribute('value', '65536');
+input.type = 'number';
+shouldBe('input.value', '"65536"');
+shouldBe('input.value = "256"; input.value', '"256"');
+shouldBe('input.value = ""; input.value', '""');
+debug('');
+debug('Range:');
+input = document.createElement('input');
+input.type = 'text';
+input.value = ':)';
+input.type = 'range';
+shouldBe('input.value', '"50"');
+debug('');
+debug('Text:');
+var container = document.createElement('div');
+document.body.appendChild(container);
+container.innerHTML = '<input type="text" id="text" value="\n\r foo bar \n\r\n">';
+input = document.getElementById('text');
+shouldBe('input.value', '" foo bar "');
+input.focus();
+document.execCommand('SelectAll');
+shouldBe('document.getSelection().toString()', '" foo bar "');
+// FIXME: Add more sanitization tests.
+// https://bugs.webkit.org/show_bug.cgi?id=37024
+container.innerHTML = '';
+var successfullyParsed = true;
+</script>
 <script src="../../fast/js/resources/js-test-post.js"></script>
 </body>

-              r37539
+              r88110
         var DEFAULT_LINE_1 = "line\t(1 of 2)\r\nline\t(2 of 2)";
         var EXPECTED_LINE_1 = "line\t(1 of 2) line\t(2 of 2)";
+        var EXPECTED_LINE_1 = "line\t(1 of 2)line\t(2 of 2)";
+        // FIXME: Is this really expected behavior to truncate the string at a null byte?
+        // It doesn't match Firefox 4 and common sense.
         var DEFAULT_LINE_2 = "null\0char";
         var EXPECTED_LINE_2 = "null";

-              r88104
+              r88110
+-06-04  Alexey Proskuryakov  <ap@apple.com>
+        Reviewed by Darin Adler.
+        Input value sanitization for text fields is incorrect
+        https://bugs.webkit.org/show_bug.cgi?id=62061
+        <rdar://problem/9553273>
+        Newline characters should be removed according to HTML5, not replaced with spaces.
+        This also matches Safari 5 behavior.
+        * html/TextFieldInputType.cpp:
+        (WebCore::isASCIILineBreak): A functor for removeCharacters().
+        (WebCore::limitLength): Do one thing at once.
+        (WebCore::TextFieldInputType::sanitizeValue): Sanitization removes newlines.
+        (WebCore::TextFieldInputType::handleBeforeTextInsertedEvent): Moved (somewhat surprising)
+        code that replaces newlines with spaces here.
 -06-04  Jeffrey Pfau  <jpfau@apple.com>

-              r87980
+              r88110
+}
 static String replaceEOLAndLimitLength(const String& proposedValue, int maxLength)
+{
     String string = proposedValue;
+    string.replace("\r\n", " ");
+    string.replace('\r', ' ');
+    string.replace('\n', ' ');
+static bool isASCIILineBreak(UChar c)
+{
+    return c == '\r' || c == '\n';
+}
+static String limitLength(const String& string, int maxLength)
+{
     unsigned newLength = numCharactersInGraphemeClusters(string, maxLength);
     for (unsigned i = 0; i < newLength; ++i) {
 …
+    }
 #endif
     return replaceEOLAndLimitLength(proposedValue, HTMLInputElement::maximumLength);
+    return limitLength(proposedValue.removeCharacters(isASCIILineBreak), HTMLInputElement::maximumLength);
+}
 …
+    }
 #endif
+    event->setText(replaceEOLAndLimitLength(event->text(), appendableLength));
+    String eventText = event->text();
+    eventText.replace("\r\n", " ");
+    eventText.replace('\r', ' ');
+    eventText.replace('\n', ' ');
+    event->setText(limitLength(eventText, appendableLength));
+}

Note: See TracChangeset for help on using the changeset viewer.