Re: <input type="number"> restricting user input to only valid characters from Michael A. Puls II on 2009-07-14 (public-html@w3.org from July 2009)

From: Michael A. Puls II <shadow2531@gmail.com>
Date: Tue, 14 Jul 2009 04:23:59 -0400
To: "Ian Hickson" <ian@hixie.ch>
Cc: public-html@w3.org
Message-ID: <op.uw1tl9001ejg13@sandra-svwliu01>

On Tue, 14 Jul 2009 01:29:43 -0400, Ian Hickson <ian@hixie.ch> wrote:

> On Fri, 19 Jun 2009, Michael A. Puls II wrote:
>>
>> With <input type="number">, if a user enters "abc" for example, the
>> specs says to handle that as if the value is an empty string.
>
> No, the spec doesn't say how to handle it. That's a user interface issue,
> out of scope of the spec.
>
> It does say, however, that:
>
> # User agents must not allow the user to set the value to a string that  
> is
> # not a valid floating point number.
>
> ...so if the user does enter "abc", it won't affect the element's value.

<http://www.whatwg.org/specs/web-apps/current-work/multipage/forms.html#number-state>
I do see "User agents must not allow the user to set the value to a string  
that is not a valid floating point number".

But, I also see "The value sanitization algorithm is as follows: If the  
value of the element is not a valid floating point number, then set it to  
the empty string instead.", which is where I got the empty string part  
from.

But, with "User agents must not allow the user to set the value to a  
string that is not a valid floating point number", what does that mean  
with the following?

<input type="number">

If the user types "abc", should .value return "abc" or "" or "whatever the  
last valid value was"?

Or, is "abc" only converted to "" when submitting?

>> However, should the UA even allow the user to enter those characters in
>> the field? It seems like if the keypress is not one of "-+.e0123456789"
>> (or "," instead of "." depending on the locale), then the keypress
>> should be prevented. Or, if a value that's pasted into the field that's
>> invalid should be prevented.
>
> That's up to the UA.

Yikes. Hopefully UAs can come to an agreement on how to handle this in a  
consistent way.

>> Or, is validation only meant for when it's time to submit?
>
> Validation is independent of user entry. It's not possible for "abc" to
> become the value through user interaction.
>
>
>> Or, is this one of things where "The UA can do whatever it wants"? If
>> so, is there any common practice that should be followed with user input
>> in this case?
>
> I don't know of any common practices yet.
>

-- 
Michael

Received on Tuesday, 14 July 2009 08:24:45 UTC