Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-22 23:03:42 +01:00
Code Issues Projects Releases Packages Wiki Activity

Auto merge of #18262 - KiChjang:value-sanitization, r=nox

Browse source 
Implement value sanitization on HTMLInputElement

https://html.spec.whatwg.org/multipage/input.html#value-sanitization-algorithm

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/18262)
<!-- Reviewable:end -->
This commit is contained in:
bors-servo 2017-11-09 18:35:07 -06:00 committed by GitHub
commit 338e2ae520
15 changed files with 213 additions and 285 deletions
Download patch file Download diff file Expand all files Collapse all files

23
components/script/dom/bindings/str.rs
View file

@ -185,6 +185,29 @@ impl DOMString {
pub fn bytes(&self) -> Bytes {
self.0.bytes()
}
/// Removes newline characters according to <https://infra.spec.whatwg.org/#strip-newlines>.
pub fn strip_newlines(&mut self) {
self.0.retain(|c| c != '\r' && c != '\n');
}
/// Removes leading and trailing ASCII whitespaces according to
/// <https://infra.spec.whatwg.org/#strip-leading-and-trailing-ascii-whitespace>.
pub fn strip_leading_and_trailing_ascii_whitespace(&mut self) {
if self.0.len() == 0 { return; }
let last_non_whitespace = match self.0.rfind(|ref c| !char::is_ascii_whitespace(c)) {
Some(idx) => idx + 1,
None => {
self.0.clear();
return;
}
};
let first_non_whitespace = self.0.find(|ref c| !char::is_ascii_whitespace(c)).unwrap();
self.0.truncate(last_non_whitespace);
let _ = self.0.splice(0..first_non_whitespace, "");
}
}
impl Borrow<str> for DOMString {

36
components/script/dom/htmlinputelement.rs
View file

@ -46,11 +46,12 @@ use script_traits::ScriptToConstellationChan;
use servo_atoms::Atom;
use std::borrow::ToOwned;
use std::cell::Cell;
use std::mem;
use std::ops::Range;
use style::attr::AttrValue;
use style::element_state::ElementState;
use style::str::split_commas;
use textinput::{SelectionDirection, TextInput};
use textinput::{Direction, Selection, SelectionDirection, TextInput};
use textinput::KeyReaction::{DispatchInput, Nothing, RedrawSelection, TriggerDefaultAction};
use textinput::Lines::Single;
@ -175,7 +176,7 @@ impl HTMLInputElement {
.map_or_else(|| atom!(""), |a| a.value().as_atom().to_owned())
}
// https://html.spec.whatwg.org/multipage/#input-type-attr-summary
// https://html.spec.whatwg.org/multipage/#dom-input-value
fn value_mode(&self) -> ValueMode {
match self.input_type.get() {
InputType::InputSubmit |
@ -409,8 +410,17 @@ impl HTMLInputElementMethods for HTMLInputElement {
fn SetValue(&self, value: DOMString) -> ErrorResult {
match self.value_mode() {
ValueMode::Value => {
self.textinput.borrow_mut().set_content(value);
// Steps 1-2.
let old_value = mem::replace(self.textinput.borrow_mut().single_line_content_mut(), value);
// Step 3.
self.value_dirty.set(true);
// Step 4.
self.sanitize_value();
// Step 5.
if *self.textinput.borrow().single_line_content() != old_value {
self.textinput.borrow_mut()
.adjust_horizontal_to_limit(Direction::Forward, Selection::NotSelected);
}
}
ValueMode::Default |
ValueMode::DefaultOn => {
@ -859,6 +869,23 @@ impl HTMLInputElement {
target.fire_bubbling_event(atom!("change"));
}
}
// https://html.spec.whatwg.org/multipage/#value-sanitization-algorithm
fn sanitize_value(&self) {
match self.type_() {
atom!("text") | atom!("search") | atom!("tel") | atom!("password") => {
self.textinput.borrow_mut().single_line_content_mut().strip_newlines();
}
atom!("url") => {
let mut textinput = self.textinput.borrow_mut();
let content = textinput.single_line_content_mut();
content.strip_newlines();
content.strip_leading_and_trailing_ascii_whitespace();
}
// TODO: Implement more value sanitization algorithms for different types of inputs
_ => ()
}
}
}
impl VirtualMethods for HTMLInputElement {
@ -972,7 +999,8 @@ impl VirtualMethods for HTMLInputElement {
self.radio_group_name().as_ref());
}
// TODO: Step 6 - value sanitization
// Step 6
self.sanitize_value();
},
AttributeMutation::Removed => {
if self.input_type.get() == InputType::InputRadio {

3
components/script/lib.rs
View file

@ -4,11 +4,14 @@
#![cfg_attr(feature = "unstable", feature(core_intrinsics))]
#![cfg_attr(feature = "unstable", feature(on_unimplemented))]
#![feature(ascii_ctype)]
#![feature(conservative_impl_trait)]
#![feature(const_fn)]
#![feature(mpsc_select)]
#![feature(plugin)]
#![feature(proc_macro)]
#![feature(splice)]
#![feature(string_retain)]
#![deny(unsafe_code)]
#![allow(non_snake_case)]

12
components/script/textinput.rs
View file

@ -754,6 +754,18 @@ impl<T: ClipboardProvider> TextInput<T> {
DOMString::from(content)
}
/// Get a reference to the contents of a single-line text input. Panics if self is a multiline input.
pub fn single_line_content(&self) -> &DOMString {
assert!(!self.multiline);
&self.lines[0]
}
/// Get a mutable reference to the contents of a single-line text input. Panics if self is a multiline input.
pub fn single_line_content_mut(&mut self) -> &mut DOMString {
assert!(!self.multiline);
&mut self.lines[0]
}
/// Set the current contents of the text input. If this is control supports multiple lines,
/// any \n encountered will be stripped and force a new logical line.
pub fn set_content(&mut self, content: DOMString) {

2
tests/wpt/metadata/MANIFEST.json
View file

@ -539065,7 +539065,7 @@
"testharness"
],
"html/semantics/forms/the-input-element/type-change-state.html": [
"afe11a6681a54ccd404cb5a85a6768c0d0ddb30c",
"927c8f78d173edd6e82badf4a1584df3c50c5505",
"testharness"
],
"html/semantics/forms/the-input-element/url.html": [

25
tests/wpt/metadata/html/semantics/forms/textfieldselection/selection-start-end.html.ini
View file

@ -1,5 +1,6 @@
[selection-start-end.html]
type: testharness
expected: TIMEOUT
[onselect should fire when selectionStart is changed]
expected: FAIL
@ -15,3 +16,27 @@
[selectionStart edge-case values]
expected: FAIL
[onselect should fire when selectionStart is changed on input-appended]
expected: NOTRUN
[onselect should fire when selectionStart is changed on input-not-appended]
expected: NOTRUN
[onselect should fire when selectionStart is changed on input-appended-prefocused]
expected: NOTRUN
[onselect should fire when selectionStart is changed on input-not-appended-prefocused]
expected: NOTRUN
[onselect should fire when selectionEnd is changed on input-appended]
expected: NOTRUN
[onselect should fire when selectionEnd is changed on input-not-appended]
expected: NOTRUN
[onselect should fire when selectionEnd is changed on input-appended-prefocused]
expected: NOTRUN
[onselect should fire when selectionEnd is changed on input-not-appended-prefocused]
expected: NOTRUN

3
tests/wpt/metadata/html/semantics/forms/textfieldselection/selection-value-interactions.html.ini
View file

@ -30,9 +30,6 @@
[value dirty flag behavior after setRangeText on focused then blurred input]
expected: FAIL
[selection is always collapsed to the end after setting values on input]
expected: FAIL
[selection is always collapsed to the end after setting values on textarea]
expected: FAIL

6
tests/wpt/metadata/html/semantics/forms/textfieldselection/selection.html.ini
View file

@ -33,9 +33,6 @@
[test SelectionStart offset for input that is appended]
expected: FAIL
[test SelectionStart offset for input that is not appended]
expected: FAIL
[test SelectionStart offset for textarea that is appended]
expected: FAIL
@ -45,9 +42,6 @@
[test SelectionEnd offset for input that is appended]
expected: FAIL
[test SelectionEnd offset for input that is not appended]
expected: FAIL
[test SelectionEnd offset for textarea that is appended]
expected: FAIL

8
tests/wpt/metadata/html/semantics/forms/the-input-element/password.html.ini
View file

@ -1,8 +0,0 @@
[password.html]
type: testharness
[Value sanitization algorithm should strip line breaks for password]
expected: FAIL
[sanitization algorithm strips line breaks]
expected: FAIL

6
tests/wpt/metadata/html/semantics/forms/the-input-element/telephone.html.ini
View file

@ -1,11 +1,5 @@
[telephone.html]
type: testharness
[User agents must not allow users to insert "LF" (U+000A)]
expected: FAIL
[User agents must not allow users to insert "CR" (U+000D)]
expected: FAIL
[The value attribute, if specified, must have a value that contains no "LF" (U+000A)]
expected: FAIL

6
tests/wpt/metadata/html/semantics/forms/the-input-element/text.html.ini
View file

@ -1,8 +1,5 @@
[text.html]
type: testharness
[Value sanitization algorithm should strip line breaks for text]
expected: FAIL
[valueAsDate attribute must return null for text]
expected: FAIL
@ -18,9 +15,6 @@
[stepUp does not apply for text]
expected: FAIL
[Value sanitization algorithm should strip line breaks for search]
expected: FAIL
[valueAsDate attribute must return null for search]
expected: FAIL

332
tests/wpt/metadata/html/semantics/forms/the-input-element/type-change-state.html.ini
View file

@ -1,23 +1,8 @@
[type-change-state.html]
type: testharness
[change state from hidden to text]
expected: FAIL
[change state from hidden to search]
expected: FAIL
[change state from hidden to tel]
expected: FAIL
[change state from hidden to url]
expected: FAIL
[change state from hidden to email]
expected: FAIL
[change state from hidden to password]
expected: FAIL
[change state from hidden to datetime]
expected: FAIL
@ -42,21 +27,9 @@
[change state from hidden to color]
expected: FAIL
[change state from text to search]
expected: FAIL
[change state from text to tel]
expected: FAIL
[change state from text to url]
expected: FAIL
[change state from text to email]
expected: FAIL
[change state from text to password]
expected: FAIL
[change state from text to datetime]
expected: FAIL
@ -81,21 +54,9 @@
[change state from text to color]
expected: FAIL
[change state from search to text]
expected: FAIL
[change state from search to tel]
expected: FAIL
[change state from search to url]
expected: FAIL
[change state from search to email]
expected: FAIL
[change state from search to password]
expected: FAIL
[change state from search to datetime]
expected: FAIL
@ -120,21 +81,9 @@
[change state from search to color]
expected: FAIL
[change state from tel to text]
expected: FAIL
[change state from tel to search]
expected: FAIL
[change state from tel to url]
expected: FAIL
[change state from tel to email]
expected: FAIL
[change state from tel to password]
expected: FAIL
[change state from tel to datetime]
expected: FAIL
@ -168,9 +117,6 @@
[change state from url to tel]
expected: FAIL
[change state from url to email]
expected: FAIL
[change state from url to password]
expected: FAIL
@ -198,19 +144,25 @@
[change state from url to color]
expected: FAIL
[change state from email to text]
[change state from email to hidden]
expected: FAIL
[change state from email to search]
[change state from email to checkbox]
expected: FAIL
[change state from email to tel]
[change state from email to radio]
expected: FAIL
[change state from email to url]
[change state from email to submit]
expected: FAIL
[change state from email to password]
[change state from email to image]
expected: FAIL
[change state from email to reset]
expected: FAIL
[change state from email to button]
expected: FAIL
[change state from email to datetime]
@ -237,18 +189,6 @@
[change state from email to color]
expected: FAIL
[change state from password to text]
expected: FAIL
[change state from password to search]
expected: FAIL
[change state from password to tel]
expected: FAIL
[change state from password to url]
expected: FAIL
[change state from password to email]
expected: FAIL
@ -315,24 +255,30 @@
[change state from datetime to color]
expected: FAIL
[change state from date to text]
[change state from date to hidden]
expected: FAIL
[change state from date to search]
[change state from date to checkbox]
expected: FAIL
[change state from date to tel]
[change state from date to radio]
expected: FAIL
[change state from date to url]
[change state from date to submit]
expected: FAIL
[change state from date to image]
expected: FAIL
[change state from date to reset]
expected: FAIL
[change state from date to button]
expected: FAIL
[change state from date to email]
expected: FAIL
[change state from date to password]
expected: FAIL
[change state from date to datetime]
expected: FAIL
@ -354,24 +300,30 @@
[change state from date to color]
expected: FAIL
[change state from month to text]
[change state from month to hidden]
expected: FAIL
[change state from month to search]
[change state from month to checkbox]
expected: FAIL
[change state from month to tel]
[change state from month to radio]
expected: FAIL
[change state from month to url]
[change state from month to submit]
expected: FAIL
[change state from month to image]
expected: FAIL
[change state from month to reset]
expected: FAIL
[change state from month to button]
expected: FAIL
[change state from month to email]
expected: FAIL
[change state from month to password]
expected: FAIL
[change state from month to datetime]
expected: FAIL
@ -393,24 +345,30 @@
[change state from month to color]
expected: FAIL
[change state from week to text]
[change state from week to hidden]
expected: FAIL
[change state from week to search]
[change state from week to checkbox]
expected: FAIL
[change state from week to tel]
[change state from week to radio]
expected: FAIL
[change state from week to url]
[change state from week to submit]
expected: FAIL
[change state from week to image]
expected: FAIL
[change state from week to reset]
expected: FAIL
[change state from week to button]
expected: FAIL
[change state from week to email]
expected: FAIL
[change state from week to password]
expected: FAIL
[change state from week to datetime]
expected: FAIL
@ -432,24 +390,30 @@
[change state from week to color]
expected: FAIL
[change state from time to text]
[change state from time to hidden]
expected: FAIL
[change state from time to search]
[change state from time to checkbox]
expected: FAIL
[change state from time to tel]
[change state from time to radio]
expected: FAIL
[change state from time to url]
[change state from time to submit]
expected: FAIL
[change state from time to image]
expected: FAIL
[change state from time to reset]
expected: FAIL
[change state from time to button]
expected: FAIL
[change state from time to email]
expected: FAIL
[change state from time to password]
expected: FAIL
[change state from time to datetime]
expected: FAIL
@ -471,24 +435,30 @@
[change state from time to color]
expected: FAIL
[change state from number to text]
[change state from number to hidden]
expected: FAIL
[change state from number to search]
[change state from number to checkbox]
expected: FAIL
[change state from number to tel]
[change state from number to radio]
expected: FAIL
[change state from number to url]
[change state from number to submit]
expected: FAIL
[change state from number to image]
expected: FAIL
[change state from number to reset]
expected: FAIL
[change state from number to button]
expected: FAIL
[change state from number to email]
expected: FAIL
[change state from number to password]
expected: FAIL
[change state from number to datetime]
expected: FAIL
@ -510,24 +480,30 @@
[change state from number to color]
expected: FAIL
[change state from range to text]
[change state from range to hidden]
expected: FAIL
[change state from range to search]
[change state from range to checkbox]
expected: FAIL
[change state from range to tel]
[change state from range to radio]
expected: FAIL
[change state from range to url]
[change state from range to submit]
expected: FAIL
[change state from range to image]
expected: FAIL
[change state from range to reset]
expected: FAIL
[change state from range to button]
expected: FAIL
[change state from range to email]
expected: FAIL
[change state from range to password]
expected: FAIL
[change state from range to datetime]
expected: FAIL
@ -549,24 +525,30 @@
[change state from range to color]
expected: FAIL
[change state from color to text]
[change state from color to hidden]
expected: FAIL
[change state from color to search]
[change state from color to checkbox]
expected: FAIL
[change state from color to tel]
[change state from color to radio]
expected: FAIL
[change state from color to url]
[change state from color to submit]
expected: FAIL
[change state from color to image]
expected: FAIL
[change state from color to reset]
expected: FAIL
[change state from color to button]
expected: FAIL
[change state from color to email]
expected: FAIL
[change state from color to password]
expected: FAIL
[change state from color to datetime]
expected: FAIL
@ -588,24 +570,9 @@
[change state from color to range]
expected: FAIL
[change state from checkbox to text]
expected: FAIL
[change state from checkbox to search]
expected: FAIL
[change state from checkbox to tel]
expected: FAIL
[change state from checkbox to url]
expected: FAIL
[change state from checkbox to email]
expected: FAIL
[change state from checkbox to password]
expected: FAIL
[change state from checkbox to datetime]
expected: FAIL
@ -630,24 +597,9 @@
[change state from checkbox to color]
expected: FAIL
[change state from radio to text]
expected: FAIL
[change state from radio to search]
expected: FAIL
[change state from radio to tel]
expected: FAIL
[change state from radio to url]
expected: FAIL
[change state from radio to email]
expected: FAIL
[change state from radio to password]
expected: FAIL
[change state from radio to datetime]
expected: FAIL
@ -672,24 +624,9 @@
[change state from radio to color]
expected: FAIL
[change state from submit to text]
expected: FAIL
[change state from submit to search]
expected: FAIL
[change state from submit to tel]
expected: FAIL
[change state from submit to url]
expected: FAIL
[change state from submit to email]
expected: FAIL
[change state from submit to password]
expected: FAIL
[change state from submit to datetime]
expected: FAIL
@ -714,24 +651,9 @@
[change state from submit to color]
expected: FAIL
[change state from image to text]
expected: FAIL
[change state from image to search]
expected: FAIL
[change state from image to tel]
expected: FAIL
[change state from image to url]
expected: FAIL
[change state from image to email]
expected: FAIL
[change state from image to password]
expected: FAIL
[change state from image to datetime]
expected: FAIL
@ -756,24 +678,9 @@
[change state from image to color]
expected: FAIL
[change state from reset to text]
expected: FAIL
[change state from reset to search]
expected: FAIL
[change state from reset to tel]
expected: FAIL
[change state from reset to url]
expected: FAIL
[change state from reset to email]
expected: FAIL
[change state from reset to password]
expected: FAIL
[change state from reset to datetime]
expected: FAIL
@ -798,24 +705,9 @@
[change state from reset to color]
expected: FAIL
[change state from button to text]
expected: FAIL
[change state from button to search]
expected: FAIL
[change state from button to tel]
expected: FAIL
[change state from button to url]
expected: FAIL
[change state from button to email]
expected: FAIL
[change state from button to password]
expected: FAIL
[change state from button to datetime]
expected: FAIL
@ -861,24 +753,30 @@
[change state from password to datetime-local]
expected: FAIL
[change state from datetime-local to text]
[change state from datetime-local to hidden]
expected: FAIL
[change state from datetime-local to search]
[change state from datetime-local to checkbox]
expected: FAIL
[change state from datetime-local to tel]
[change state from datetime-local to radio]
expected: FAIL
[change state from datetime-local to url]
[change state from datetime-local to submit]
expected: FAIL
[change state from datetime-local to image]
expected: FAIL
[change state from datetime-local to reset]
expected: FAIL
[change state from datetime-local to button]
expected: FAIL
[change state from datetime-local to email]
expected: FAIL
[change state from datetime-local to password]
expected: FAIL
[change state from datetime-local to date]
expected: FAIL

3
tests/wpt/metadata/html/semantics/forms/the-input-element/url.html.ini
View file

@ -1,8 +1,5 @@
[url.html]
type: testharness
[The value must not be set with "LF" (U+000A) or "CR" (U+000D)]
expected: FAIL
[The value sanitization algorithm is as follows: Strip line breaks from the value]
expected: FAIL

31
tests/wpt/metadata/html/semantics/forms/the-input-element/valueMode.html.ini
View file

@ -54,39 +54,8 @@
[value IDL attribute of input type datetime-local with value attribute]
expected: FAIL
[value IDL attribute of input type text without value attribute]
expected: FAIL
[value IDL attribute of input type text with value attribute]
expected: FAIL
[value IDL attribute of input type search without value attribute]
expected: FAIL
[value IDL attribute of input type search with value attribute]
expected: FAIL
[value IDL attribute of input type tel without value attribute]
expected: FAIL
[value IDL attribute of input type tel with value attribute]
expected: FAIL
[value IDL attribute of input type url without value attribute]
expected: FAIL
[value IDL attribute of input type url with value attribute]
expected: FAIL
[value IDL attribute of input type email without value attribute]
expected: FAIL
[value IDL attribute of input type email with value attribute]
expected: FAIL
[value IDL attribute of input type password without value attribute]
expected: FAIL
[value IDL attribute of input type password with value attribute]
expected: FAIL

2
tests/wpt/web-platform-tests/html/semantics/forms/the-input-element/type-change-state.html
View file

@ -51,6 +51,8 @@
input.type = types[j].type; // change state
if (types[j].sanitizedValue || types[j].sanitizedValue === "") {
assert_equals(input.value, types[j].sanitizedValue, "input.value should be " + types[j].sanitizedValue + " after change of state");
} else if (types[i].sanitizedValue || types[i].sanitizedValue === "") {
assert_equals(input.value, types[i].sanitizedValue, "input.value should be " + types[i].sanitizedValue + " after change of state");
} else {
assert_equals(input.value, " foo\rbar ", "input.value should be ' foo\\rbar ' after change of state");
}