W3C home > Mailing lists > Public > www-style@w3.org > August 2009

Re: [css3-ui]? Proposal for ::error pseudoelement

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 25 Aug 2009 15:52:24 -0400
Message-ID: <4A9440F8.8030301@mit.edu>
To: "Tab Atkins Jr." <jackalmage@gmail.com>
CC: www-style list <www-style@w3.org>
Tab Atkins Jr. wrote:
>> How would this work if the error message is NOT "just a text string in a
>> box"?
> The hope is that the browser exposes it as just a text string in a box
> for now, and any further elaborations can instead be done through
> shadow methods like XBL2, when that gets supported.

You're assuming the error message is shown in the website content area 
to start with.  That doesn't seem like an assumption we want to be making.

>>  What's the use case?
> For content, or in general?

For content.

> For content, paired with a more elaborate :invalid() syntax like I
> proposed a few hours ago on the list, you could write your own
> validity messages by targeting particular input/error combinations.

Which leads to immediate internationalization issues, right?

> In general, the use-case is that authors want to be able to style the
> display of the error messages to match the general spirit of the page.

What if the error messages are not in the page?

>  Unlike form elements, where control of the UI can actually be a
> security issue, this should be perfectly safe to expose.

I haven't looked at the set of errors HTML5 defines to see whether this 
is the case.  That said, with the exception of file inputs there are no 
security issue for form controls.  There _are_ issues involving the 
native look of the controls, the fact that CSS can't describe their 
rendering very well, etc.

Note that there _might_ in fact be security issues with putting active 
content (rather implied by your XBL2 mentions) in the error messages. 
Again, I haven't looked into the details of the error messages yet, but 
letting websites inject scripted browser UI is a red flag for me.

> Indeed, it would prevent that.  I don't think that the browser has
> enough information to actually present that sort of error display,
> though.  If you have the error messages physically disconnected from
> the input, you need a way to unambiguously connect the message to the
> input.

Sure; clicking on the error message flashes the input.  Much like the 
Inspect feature in Firebug, say.

> Libraries like the jQuery validate plugin can do this because
> they can use a completely custom error message, but as a
> browser-default that wouldn't be possible.

I don't see why not.

> At the bare minimum the ::error pseudoelement is needed so that
> authors can display:none it and use scripting to display their own
> messages.

Suppressing display of the error message altogether seems like something 
the HTML spec should be defining, no?

> I believe that the browser UI can be usefully constrained
> sufficiently to allow full control to the page author, however.
> Browser-generated UI within a page should really be limited as much as
> possible - it always makes us authors unhappy.

Yes; hence my supposition that some browsers might opt to not put this 
UI within the page.  However you proposal would require them to do so.

Received on Tuesday, 25 August 2009 19:53:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 25 March 2022 10:07:38 UTC