- From: Jonas Sicking <jonas@sicking.cc>
- Date: Tue, 16 Feb 2010 23:55:08 -0800
Hi everyone, I'm currently going through our form submission code, and figured I should validate this against what the HTML5 spec says. Unfortunately it seems like processing form submissions is an area where servers are very fragile. Even minor tweaks seems to break servers, both in the past and recently. With that in mind, I recommend the following changes: In step 7, substep 1, of "Form submission algorithm" remove the bullet that says: "The field element is an input element whose type attribute is in the File Upload state but the control does not have any files selected". Additionally, add to step 8 "If no files are selected, append an entry in the form data set with the name as the name, the empty string as the value, and "application/octet-stream" as the type.". See [1] as to why. Somewhere it needs to be expressed that processing of <input type=hidden name="_charset_"> should happen even for multipart/form-data encoded submissions too. One way to accomplish this would be modify the "Form submission algorithm" so that _charset_ processing happens there instead of in the individual encoding formats. In step 7 substep 1 of the submission process, add a bullet that says: * The field element does not have a name attribute specified, or is the empty string. Except if the field element is an input element whose name attribute is in the Image state. and remove step 4. This will make it clearer that non-images are not submitted if they lack a non-empty name. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=529859 / Jonas
Received on Tuesday, 16 February 2010 23:55:08 UTC