- From: <bugzilla@jessica.w3.org>
- Date: Fri, 30 Sep 2011 20:26:06 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13769 --- Comment #17 from Marat Tanalin | tanalin.com <mtanalin@yandex.ru> 2011-09-30 20:26:05 UTC --- (In reply to comment #15) While you just _assume_, we as web-developers exactly _know_: if a field is required, there is no and there should no any difference between literally zero-length string and whitespace-only string. There is already enough argumentation here to accept this. Adding pattern to _all_ required fields is obviously not a rational option. For exact characters to trim, see PHP's trim() function. > If your server is willing to accept what looks like invisible input such as > control characters, or barely-visible input like ".", then it's not at all > clear to me why a single space would be any different. Unclear phrase for me. ===== Again and last time: browser-side validation is NOT about security AT ALL. It's about user's MISTAKES and improving USABILITY of forms by preventing redundant "submit -> server-side validation error" iteration. If user _want_ to work around validation, he will do this anyway. But that case has nothing to do with validation as usability measure to prevent user's MISTAKES. If the bug will not be fixed, then web-developers will likely just use 'required' attribute (without garbage 'pattern' attribute, of course), thus still forcing user to make mistakes by accidental typing-in invisible characters and sending this to server and returning same form with server-side validation errors. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Friday, 30 September 2011 20:26:11 UTC