Source/WebCore/ChangeLog

 12011-06-03 Alexey Proskuryakov <ap@apple.com>
 2
 3 Reviewed by Darin Adler.
 4
 5 Input value sanitization for text fields is incorrect
 6 https://bugs.webkit.org/show_bug.cgi?id=62061
 7 <rdar://problem/9553273>
 8
 9 Newline characters should be removed according to HTML5, not replaced with spaces.
 10 This also matches Safari 5 behavior.
 11
 12 * html/TextFieldInputType.cpp:
 13 (WebCore::isASCIILineBreak): A functor for removeCharacters().
 14 (WebCore::limitLength): Do one thing at once.
 15 (WebCore::TextFieldInputType::sanitizeValue): Sanitization removes newlines.
 16 (WebCore::TextFieldInputType::handleBeforeTextInsertedEvent): Moved (somewhat surprising)
 17 code that replaces newlines with spaces here.
 18
1192011-06-03 Cary Clark <caryclark@google.com>
220
321 Reviewed by Eric Seidel.
88083

Source/WebCore/html/TextFieldInputType.cpp

@@bool TextFieldInputType::shouldUseInputM
186186 return true;
187187}
188188
189 static String replaceEOLAndLimitLength(const String& proposedValue, int maxLength)
 189static bool isASCIILineBreak(UChar c)
190190{
191  String string = proposedValue;
192  string.replace("\r\n", " ");
193  string.replace('\r', ' ');
194  string.replace('\n', ' ');
 191 return c == '\r' || c == '\n';
 192}
195193
 194static String limitLength(const String& string, int maxLength)
 195{
196196 unsigned newLength = numCharactersInGraphemeClusters(string, maxLength);
197197 for (unsigned i = 0; i < newLength; ++i) {
198198 const UChar current = string[i];

@@String TextFieldInputType::sanitizeValue
213213 return String();
214214 }
215215#endif
216  return replaceEOLAndLimitLength(proposedValue, HTMLInputElement::maximumLength);
 216 return limitLength(proposedValue.removeCharacters(isASCIILineBreak), HTMLInputElement::maximumLength);
217217}
218218
219219void TextFieldInputType::handleBeforeTextInsertedEvent(BeforeTextInsertedEvent* event)

@@void TextFieldInputType::handleBeforeTex
251251 return;
252252 }
253253#endif
254  event->setText(replaceEOLAndLimitLength(event->text(), appendableLength));
 254
 255 String eventText = event->text();
 256 eventText.replace("\r\n", " ");
 257 eventText.replace('\r', ' ');
 258 eventText.replace('\n', ' ');
 259
 260 event->setText(limitLength(eventText, appendableLength));
255261}
256262
257263bool TextFieldInputType::shouldRespectListAttribute()
87626

LayoutTests/ChangeLog

 12011-06-03 Alexey Proskuryakov <ap@apple.com>
 2
 3 Reviewed by Darin Adler.
 4
 5 Input value sanitization for text fields is incorrect
 6 https://bugs.webkit.org/show_bug.cgi?id=62061
 7 <rdar://problem/9553273>
 8
 9 * fast/forms/input-value-sanitization-expected.txt:
 10 * fast/forms/input-value-sanitization.html:
 11 * fast/forms/paste-multiline-text-input.html:
 12 * fast/forms/script-tests/input-value-sanitization.js: Removed.
 13
1142011-06-03 James Robinson <jamesr@chromium.org>
215
316 [chromium] Mark GPU-only expectations as GPU.
88083

LayoutTests/fast/forms/input-value-sanitization-expected.txt

11Tests for value sanitization algorithm.
22
3 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
4 
5 
63
74Number:
85PASS input.value is "65536"

@@Range:
1310PASS input.value is "50"
1411
1512Text:
16 PASS input.value is " foo bar "
17 PASS document.getSelection().toString() is " foo bar "
 13PASS input.value is " foo bar "
 14PASS document.getSelection().toString() is " foo bar "
1815PASS successfullyParsed is true
1916
2017TEST COMPLETE
87626

LayoutTests/fast/forms/input-value-sanitization.html

55<script src="../../fast/js/resources/js-test-pre.js"></script>
66</head>
77<body>
8 <p id="description"></p>
 8<p>Tests for value sanitization algorithm.</p>
99<div id="console"></div>
10 <script src="script-tests/input-value-sanitization.js"></script>
 10<script>
 11var input;
 12
 13debug('');
 14debug('Number:');
 15input = document.createElement('input');
 16input.setAttribute('value', '65536');
 17input.type = 'number';
 18shouldBe('input.value', '"65536"');
 19shouldBe('input.value = "256"; input.value', '"256"');
 20shouldBe('input.value = ""; input.value', '""');
 21
 22
 23debug('');
 24debug('Range:');
 25input = document.createElement('input');
 26input.type = 'text';
 27input.value = ':)';
 28input.type = 'range';
 29shouldBe('input.value', '"50"');
 30
 31debug('');
 32debug('Text:');
 33var container = document.createElement('div');
 34document.body.appendChild(container);
 35container.innerHTML = '<input type="text" id="text" value="\n\r foo bar \n\r\n">';
 36input = document.getElementById('text');
 37shouldBe('input.value', '" foo bar "');
 38input.focus();
 39document.execCommand('SelectAll');
 40shouldBe('document.getSelection().toString()', '" foo bar "');
 41
 42// FIXME: Add more sanitization tests.
 43// https://bugs.webkit.org/show_bug.cgi?id=37024
 44
 45container.innerHTML = '';
 46var successfullyParsed = true;
 47
 48</script>
1149<script src="../../fast/js/resources/js-test-post.js"></script>
1250</body>
1351</html>
87626

LayoutTests/fast/forms/paste-multiline-text-input.html

1010 }
1111
1212 var DEFAULT_LINE_1 = "line\t(1 of 2)\r\nline\t(2 of 2)";
13  var EXPECTED_LINE_1 = "line\t(1 of 2) line\t(2 of 2)";
 13 var EXPECTED_LINE_1 = "line\t(1 of 2)line\t(2 of 2)";
1414
 15 // FIXME: Is this really expected behavior to truncate the string at a null byte?
 16 // It doesn't match Firefox 4 and common sense.
1517 var DEFAULT_LINE_2 = "null\0char";
1618 var EXPECTED_LINE_2 = "null";
1719
87626

LayoutTests/fast/forms/script-tests/input-value-sanitization.js

1 description('Tests for value sanitization algorithm.');
2 
3 var input;
4 
5 debug('');
6 debug('Number:');
7 input = document.createElement('input');
8 input.setAttribute('value', '65536');
9 input.type = 'number';
10 shouldBe('input.value', '"65536"');
11 shouldBe('input.value = "256"; input.value', '"256"');
12 shouldBe('input.value = ""; input.value', '""');
13 
14 
15 debug('');
16 debug('Range:');
17 input = document.createElement('input');
18 input.type = 'text';
19 input.value = ':)';
20 input.type = 'range';
21 shouldBe('input.value', '"50"');
22 
23 debug('');
24 debug('Text:');
25 var container = document.createElement('div');
26 document.body.appendChild(container);
27 container.innerHTML = '<input type="text" id="text" value="\n\r foo bar \n\r\n">';
28 input = document.getElementById('text');
29 shouldBe('input.value', '" foo bar "');
30 input.focus();
31 document.execCommand('SelectAll');
32 shouldBe('document.getSelection().toString()', '" foo bar "');
33 
34 // FIXME: Add more sanitization tests.
35 // https://bugs.webkit.org/show_bug.cgi?id=37024
36 
37 container.innerHTML = '';
38 var successfullyParsed = true;
87626