- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 26 Nov 2008 12:41:46 +0000 (UTC)
On Thu, 25 Oct 2007, Vlad Alexander (xhtml.com) wrote: > > Request for the HTML 5 forms section: > > Alternate content such as form controls should not participate in the > HTTP POST if the <object> can be rendered. In this example, if logo.gif > can be rendered, then data from <textarea> should not be send to the > server: > > <object data="logo.gif" type="image/gif" width="180" height="60"> > <textarea id="abc" name="abc" rows="5" cols="70">Hello World!</textarea> > </object> > > Here is a test page for the above example: > http://misc.xstandard.com/mozilla/alternate-content1.asp > > This causes problems for plug-ins loaded via the <object> element. In > this example, the same "name" is used for both the <object> and > <textarea> elements because most CMS expect only one field to be > submitted from a control. > > <object name="abc" type="application/x-xstandard"> > <param name="Value" value="some text" /> > <textarea name="abc">more text</textarea> > </object> > > In the above example, data is sent to the server from both the plug-in > (correct) and the alternate content (incorrect). > > IE and Opera support this. The HTML 5 spec should formally define this > behavior. > > https://bugzilla.mozilla.org/show_bug.cgi?id=335567 > http://bugs.webkit.org/show_bug.cgi?id=11803 IE's behavior isn't really one we can copy; they do this at the parser level, which is bad for all kinds of reasons. If they fix their parser, their handling of form controls here will start working. It seems like this problem is easy to work around by simply not using proprietary plugins or, if one is forced to use them, by simply using controls with different names or differentiating them based on their position in the submitted data. I haven't changed the spec, as there seems to be minimal interest in this issue and it has easy and simple workarounds. It's also not clear that it really is a bug, after all, there could easily be use cases for putting <input type=hidden> controls in the <object>, and one can even imagine an <object> showing an HTML page that pokes around the fallback content to set form controls accordingly. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 26 November 2008 04:41:46 UTC