W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2011

[whatwg] input element's value should not be sanitized during parsing

From: Mounir Lamouri <mounir.lamouri@gmail.com>
Date: Wed, 30 Mar 2011 17:18:40 +0200
Message-ID: <4D9349D0.6040204@gmail.com>
On 03/12/2011 12:56 AM, Jonas Sicking wrote:
>>> inp = document.createElement("input");
>>> inp.setAttribute("value", "foo\nbar");
>>> inp.setAttribute("type", "hidden");
>>>
>>> and
>>>
>>> inp = document.createElement("input");
>>> inp.setAttribute("type", "hidden");
>>> inp.setAttribute("value", "foo\nbar");
>>>
>>> This does not seem desirable.
>>
>> I can't argue that it's desireable, but it's how the Web works, as I
>> understand it.
> 
> Gecko doesn't exhibit this behavior and I don't know of any sites that
> doesn't work in Gecko because of this.

FWIW, it does. The first inp.value is 'foobar' while the second is 'foo
bar'.
See: http://software.hixie.ch/utilities/js/live-dom-viewer/saved/900

Though, I do not think this is related to the initial issue which is
about setting attributes while creating the element from the parser.

--
Mounir
Received on Wednesday, 30 March 2011 08:18:40 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:31 UTC