W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2006

[whatwg] form validation of values that aren't entered by the user

From: Hallvord Reiar Michaelsen Steen <hallvord@hallvord.com>
Date: Wed, 01 Feb 2006 21:49:47 +0900
Message-ID: <43E12CFB.15332.3F27ABA5@hallvord.hallvord.com>
I've already brought up this issue because of the kayak.com search 
fields with a maxlength smaller than the length of the strings 
scripts would insert into the input elements. I'd like to discuss 
things more generally: it is a serious UI and usability problem to 
validate values that are not entered by the user: how am I supposed 
to understand the problem if the UA tells me I typed too much text in 
a box I never typed anything into? It becomes a serious problem with 
legacy applications when we extend the meaning of MAXLENGTH. I'm 
pretty sure we'll find code like <input readonly maxlength="5" 
value="Hello world"> - the user has no chance of submitting that 

There are two cases if non-user-caused invalidity: invalid content 
can be sent from server as the default attribute, and invalid states 
may be created from scripts.

I suggest that 
1) willValidate should exclude readonly controls. Nothing the user 
can do about those anyway.

2) We should ignore maxlength errors for default values. Something 
like the following pseudokode:

if current value length > maxlength
    if current value != default value
    // user changed text not according to restrictions
   show validation error messag
else// assuming author error. ignore. and submit form anyway

And of course I hope my earlier suggestion to fire onsubmit *after* 
validation will be taken into the spec :-)
Hallvord Reiar Michaelsen Steen
Received on Wednesday, 1 February 2006 04:49:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:26 UTC