W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > September 2011

[Bug 13769] Whitespace-only values should be considered empty in required form fields

From: <bugzilla@jessica.w3.org>
Date: Fri, 30 Sep 2011 20:26:06 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1R9jeo-0002Di-9s@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13769

--- Comment #17 from Marat Tanalin | tanalin.com <mtanalin@yandex.ru> 2011-09-30 20:26:05 UTC ---
(In reply to comment #15)

While you just _assume_, we as web-developers exactly _know_: if a field is
required, there is no and there should no any difference between literally
zero-length string and whitespace-only string.

There is already enough argumentation here to accept this.

Adding pattern to _all_ required fields is obviously not a rational option.

For exact characters to trim, see PHP's trim() function.

> If your server is willing to accept what looks like invisible input such as
> control characters, or barely-visible input like ".", then it's not at all
> clear to me why a single space would be any different.

Unclear phrase for me.

=====

Again and last time: browser-side validation is NOT about security AT ALL. It's
about user's MISTAKES and improving USABILITY of forms by preventing redundant
"submit -> server-side validation error" iteration. If user _want_ to work
around validation, he will do this anyway. But that case has nothing to do with
validation as usability measure to prevent user's MISTAKES.

If the bug will not be fixed, then web-developers will likely just use
'required' attribute (without garbage 'pattern' attribute, of course), thus
still forcing user to make mistakes by accidental typing-in invisible
characters and sending this to server and returning same form with server-side
validation errors.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Friday, 30 September 2011 20:26:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 30 September 2011 20:26:12 GMT