[whatwg] Request to reconsider <input minlength=""> from Ryan Cannon on 2009-10-29 (public-whatwg-archive@w3.org from October 2009)

From: Ryan Cannon <ryan@ryancannon.com>
Date: Thu, 29 Oct 2009 15:03:54 -0700
Message-ID: <8830F14B-936C-469D-9CFB-F918F416D2FA@ryancannon.com>
Greetings,

I saw HTML5 was put into last call, and I wanted to add my request to  
reconsider adding <input minlength=""> to HTML5. With some searching,  
I found the following threads on the topic:

http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2006-February/005892.html
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2007-June/011661.html
http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-October/016881.html

 From these threads, I've seen the main reasons not to add the  
attribute are:

   * Lack of use cases
   * <input pattern="" /> can do the same job
   * Unclear how user agents should implement the UI
   * It's not compelling enough to balloon the spec

I recently completed a JavaScript form validation implementation using  
HTML5 attributes and similar DOM methods (form.checkValidity(),   
input.checkValidity() and input.setCustomValidity()). This API was  
perfect, with the exception of missing minlength="".

Use Case
--------

Our username and password fields require a minimum of four characters.  
These fields have a simple pattern validation as well. I initially set  
up the inputs as:

     <input required pattern="[a-z0-9]{4,}" maxlength="20" />

This performs the desired validation correctly, but the problem comes  
when reporting the validation error to the user.

     validity.patternMismatch is semantically different than  
validity.tooShort

In order to correctly report the error to the user, I would have to do  
a second check of the value to figure out the problem. The only way to  
determine that the error was caused by too few characters as opposed  
to invalid characters would be to parse the pattern="" attribute in  
order to determine a minimum length required by the RegExp. Yuck. If  
the value was too long, this job would be handled by maxlength="". I  
added a minlength="" attribute.

The final result:

     <input required pattern="[a-z0-9]+" minlength="4" maxlength="20" />

Is more readable, provides a validation task I believe to be quite  
common without requiring knowledge of regular expressions.

Michael Fortin asked this question:
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2007-June/011683.html

 > Should an
 > input with minlength smaller than it's value be filled with padding
 > characters? Before or after the value? And what happens to those
 > characters as you type?

My answer: the UI should not be altered due to the presence of  
minlength until validating the input value. There's no need to pad the  
value or prevent deletion of characters.

Although I lack formal numbers, pretty much every password field I've  
seen on the Internet requires a minimum number of characters, as do  
most usernames.

The only legitimate argument against minlength="" is that there is no  
room for it in the spec, and I personally disagree with that assessment.

Cheers,

-- 

Ryan Cannon
http://ryancannon.com/
Received on Thursday, 29 October 2009 15:03:54 UTC