- From: <bugzilla@wiggum.w3.org>
- Date: Fri, 27 Mar 2009 03:54:33 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=6742 Summary: pre-encoded form values should be restorable as submitted Product: HTML WG Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: Spec bugs AssignedTo: dave.null@w3.org ReportedBy: Nick_Levinson@yahoo.com QAContact: public-html-bugzilla@w3.org CC: ian@hixie.ch, mike@w3.org, public-html@w3.org Suppose a submitting user types into an HTML form field the following sentence: I am puzzled by %26. None of this is dangerous, so none of this needs encoding, so an HTML-compliant user agent will submit the sentence unchanged to the next stage, which might result in simple storage in a database. Now suppose the sentence is retrieved and decoded. If whether decoding is needed is determined by the presence of a percent-encoding or numeric entity reference and not by a separate flag or list, then the parser function should produce the following: I am puzzled by &. This may not be what the submitting user intended. If the submitting user is not very computer-savvy, they won't know about encoding at all and therefore won't anticipate it. The human recipient, if also not very computer-savvy, won't know what happened and will think they are seeing literally what was entered. The resulting human-to-human conversation via HTML would likely be confusing, if communications don't break down entirely. I propose that an option exist to permit accurate restoration. The option should be asserted in the HTML markup for the form or in the document head. The user agent should then be responsible for either suspending or delaying all encoding or for delimiting or listing passages that are not encoded by the user agent even if they already appear in encoded style. This is in reference to section 4.10.15 of the Working Draft of February 12, 2009, including 4.10.15.3, step 6, substeps 1 and 2, or any successor provisions. Since safety requires encoding, it must be performed at some stage. Therefore, if assertion of the option suspends or delays all encoding, that would be to permit the website author to provide a method that when executed results in safety, i.e., in no need for further encoding. The website author might, for example, devise a method that lists passages not to be changed when restored later. If the method is not executed or it does not produce the result required for safety, the user agent would then encode as it must now. A delimiter can be any string that does not appear elsewhere in the submission. The number of possible delimiters is infinite; e.g., if j, jj, and jjj are in the submission, then jjjj might qualify as the delimiter. The delimiter would not have to be the same in all submissions using that form, that page, that website, or that user agent, as long as a field or value is added to the form to declare the delimiter for the submission. The existence or absence of a delimiter declaration in a submission would signal the parser function as to what to do. This leaves open whether the website author or the user agent is responsible for a method once the option for accurate restoration is asserted and a method is needed. One is responsible, and as a fallback it will be the user agent, as now. If there's a possibility for creativity or variety in method, then the website author should be allowed to interject a method, such as a third-party-developed method. Thank you. -- Nick -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Friday, 27 March 2009 03:54:41 UTC