- From: Mounir Lamouri <mounir.lamouri@gmail.com>
- Date: Mon, 20 Sep 2010 23:48:16 -0700
Hi, For a few days, Firefox's nightly had a bug related to value sanitizing which happens to be a specification bug. With the current specification, these two elements will not have the same value: <input value="foo bar" type='hidden'> <input type='hidden' value="foo bar"> Depending on how the attributes are read, value will be set before or after type, thus, changing the value sanitization algorithm. So, the value sanitization algorithm of <input type='text'> will be used for one of these elements and the value will be "foobar". The following change would fix that bug: - The specification should add that the value sanitization algorithm should not be used during parsing/as long as the element hasn't been created. OR - The specification should add in the set value content attribute paragraph that the value sanitization algorithm should not be run during parsing/if the element hasn't been created. For a specification point of view, both changes would have the same result. The specifications already require that the value sanitization algorithm should be run when the element is "first created". So, with this change, the element's value will be un-sanitized during parsing and as soon as the parsing will be done, the element's value will be sanitized. By the way, "first created" could probably be changed to a concept from the specifications. We can guess what that means but there is no strong notion behind this words AFAIK. Thanks, -- Mounir
Received on Monday, 20 September 2010 23:48:16 UTC