From 23359c586871f4329115ee28c82a9274203456e6 Mon Sep 17 00:00:00 2001
From: glowe
Date: Sat, 30 Nov 2019 21:53:53 -0500
Subject: [PATCH 1/4] Remove catch-all case for input sanitization Replaced catch-all with explicit case for inputs that do not have a value sanitization algorithm. This should prevent us from forgetting to implement a sanitization for an input, since they must all be accounted for in the match expression.
---
 components/script/dom/htmlinputelement.rs | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/components/script/dom/htmlinputelement.rs b/components/script/dom/htmlinputelement.rs
index 60b5cb9bcb1..04667659a33 100755
--- a/components/script/dom/htmlinputelement.rs
+++ b/components/script/dom/htmlinputelement.rs
@@ -1213,7 +1213,16 @@ impl HTMLInputElement {
 value.push_str(sanitized.as_str());
 }
 },
- _ => (),
+ // The following inputs don't have a value sanitization algorithm.
+ // See https://html.spec.whatwg.org/multipage/#value-sanitization-algorithm
+ InputType::Button |
+ InputType::Checkbox |
+ InputType::File |
+ InputType::Hidden |
+ InputType::Image |
+ InputType::Radio |
+ InputType::Reset |
+ InputType::Submit => (),
 }
 }
From 576f51f598982a608caf52b9aa74eb397bd762ec Mon Sep 17 00:00:00 2001
From: glowe
Date: Sat, 30 Nov 2019 23:29:09 -0500
Subject: [PATCH 2/4] Add DOMString floating point string test and fix Fixes an issue where DOMString::is_valid_floating_point_number_string was returning true for strings that began with whitespace characters- TAB, LF, FF, or CR. Also added a unit test to cover this since the corresponding web-platform-tests are incomplete.
---
 components/script/dom/bindings/str.rs | 10 +++++-----
 tests/unit/script/domstring.rs | 20 ++++++++++++++++++++
 tests/unit/script/lib.rs | 2 ++
 3 files changed, 27 insertions(+), 5 deletions(-)
 create mode 100644 tests/unit/script/domstring.rs
diff --git a/components/script/dom/bindings/str.rs b/components/script/dom/bindings/str.rs
index 38091fcf19e..2b4830dccfc 100644
--- a/components/script/dom/bindings/str.rs
+++ b/components/script/dom/bindings/str.rs
@@ -3,11 +3,11 @@
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 //! The `ByteString` struct.
-
 use chrono::prelude::{Utc, Weekday};
 use chrono::{Datelike, TimeZone};
 use cssparser::CowRcStr;
 use html5ever::{LocalName, Namespace};
+use regex::Regex;
 use servo_atoms::Atom;
 use std::borrow::{Borrow, Cow, ToOwned};
 use std::default::Default;
@@ -337,11 +337,11 @@ impl DOMString {
 /// https://html.spec.whatwg.org/multipage/#valid-floating-point-number
 pub fn is_valid_floating_point_number_string(&self) -> bool {
- // for the case that `parse_floating_point_number` cannot handle
- if self.0.contains(" ") {
- return false;
+ lazy_static! {
+ static ref RE: Regex =
+ Regex::new(r"^-?(?:\d+\.\d+|\d+|\.\d+)(?:(e|E)(\+|\-)?\d+)?$").unwrap();
 }
- parse_floating_point_number(&self.0).is_ok()
+ RE.is_match(&self.0) && parse_floating_point_number(&self.0).is_ok()
 }
 /// https://html.spec.whatwg.org/multipage/#best-representation-of-the-number-as-a-floating-point-number
diff --git a/tests/unit/script/domstring.rs b/tests/unit/script/domstring.rs
new file mode 100644
index 00000000000..08af9c69062
--- /dev/null
+++ b/tests/unit/script/domstring.rs
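Review bot: In `is_valid_floating_point_number_string` (second hunk of components/script/dom/bindings/str.rs), `\d` in the `regex` crate is Unicode-aware by default, so the new pattern also accepts non-ASCII decimal digits, whereas the linked spec grammar allows ASCII digits only. Whether such input is rejected afterwards depends on `parse_floating_point_number`, which is not visible in this hunk, so the validity check should not lean on it. Spell the classes out instead: `Regex::new(r"^-?(?:[0-9]+\.[0-9]+|[0-9]+|\.[0-9]+)(?:[eE][+-]?[0-9]+)?$").unwrap();`, which also drops the two unused capture groups. A one-line comment above `RE` saying that the pattern mirrors the spec's valid floating-point number grammar and is anchored at both ends would tell the next reader why both the regex and the parser are consulted.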
@@ -0,0 +1,20 @@
+// Copyright 2013 The Servo Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution.
+//
+// Licensed under the Apache License, Version 2.0 or the MIT license
+// , at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+use script::test::DOMString;
+
+#[test]
+fn test_domstring_is_valid_floating_point_number_string_leading_whitespace() {
+ assert!(!DOMString::from("\t1").is_valid_floating_point_number_string());
+ assert!(!DOMString::from("\n1").is_valid_floating_point_number_string());
+ // \x0C - form feed
+ assert!(!DOMString::from("\x0C1").is_valid_floating_point_number_string());
+ assert!(!DOMString::from("\r1").is_valid_floating_point_number_string());
+ assert!(!DOMString::from(" 1").is_valid_floating_point_number_string());
+}
diff --git a/tests/unit/script/lib.rs b/tests/unit/script/lib.rs
index 4b258ede7d0..434992ad954 100644
--- a/tests/unit/script/lib.rs
+++ b/tests/unit/script/lib.rs
@@ -2,6 +2,8 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+#[cfg(test)]
+mod domstring;
 #[cfg(test)]
 mod headers;
 #[cfg(test)]
From b8a8c2b9bf32867ba09bdebd8c1cc05e6e3f4435 Mon Sep 17 00:00:00 2001
From: glowe
Date: Mon, 2 Dec 2019 22:50:13 -0500
Subject: [PATCH 3/4] Enhance wpt for number input Add cases for all leading ASCII whitespace characters.
---
 tests/wpt/metadata/MANIFEST.json | 2 +-
 .../html/semantics/forms/the-input-element/number.html | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/tests/wpt/metadata/MANIFEST.json b/tests/wpt/metadata/MANIFEST.json
index 2d83d384e56..da21d1cce9d 100644
--- a/tests/wpt/metadata/MANIFEST.json
+++ b/tests/wpt/metadata/MANIFEST.json
@@ -657659,7 +657659,7 @@ "testharness" ], "html/semantics/forms/the-input-element/number.html": [ - "64868f02efca707cfe88a51e9bd91574dfbcaad9", + "7d93f208985d305d46324d0ecf34e8c4ff2ad361", "testharness" ], "html/semantics/forms/the-input-element/password.html": [
diff --git a/tests/wpt/web-platform-tests/html/semantics/forms/the-input-element/number.html b/tests/wpt/web-platform-tests/html/semantics/forms/the-input-element/number.html
index 64868f02efc..7d93f208985 100644
--- a/tests/wpt/web-platform-tests/html/semantics/forms/the-input-element/number.html
+++ b/tests/wpt/web-platform-tests/html/semantics/forms/the-input-element/number.html
@@ -35,7 +35,11 @@
 {value: "+1", expected: "", testname: "value = +1"},
 {value: "+", expected: "", testname: "value = '+'"},
 {value: "-", expected: "", testname: "value = '-'"},
- {value: " 1", expected: "", testname: "value with a leading whitespace"},
+ {value: "\t1", expected: "", testname: "value with a leading tab"},
+ {value: "\n1", expected: "", testname: "value with a leading newline"},
+ {value: "\f1", expected: "", testname: "value with a leading form feed"},
+ {value: "\r1", expected: "", testname: "value with a leading carriage return"},
+ {value: " 1", expected: "", testname: "value with a leading space"},
 {value: "1trailing junk", expected: "", testname: "value = 1trailing junk"}
 ];
 for (var i = 0; i < numbers.length; i++) {
From b9ec6f99cd76ed430d5916b38190e8ee7be70516 Mon Sep 17 00:00:00 2001
From: glowe
Date: Mon, 2 Dec 2019 22:52:02 -0500
Subject: [PATCH 4/4] Remove redundant domstring unit test This test is no longer necessary since the cases tested are also tested by the number input web platform test.
---
 tests/unit/script/domstring.rs | 20 --------------------
 tests/unit/script/lib.rs | 2 --
 2 files changed, 22 deletions(-)
 delete mode 100644 tests/unit/script/domstring.rs
diff --git a/tests/unit/script/domstring.rs b/tests/unit/script/domstring.rs
deleted file mode 100644
index 08af9c69062..00000000000
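Review bot: The cases added to `numbers` in number.html exercise only leading ASCII whitespace; the trailing side is covered solely by `1trailing junk`, although the validator changed earlier in this series is anchored at both ends. Add the mirror cases next to the new ones so a regression on the trailing side is caught too, e.g. `{value: "1\n", expected: "", testname: "value with a trailing newline"},` and `{value: "1 ", expected: "", testname: "value with a trailing space"},`. The `numbers` array and the loop that consumes it continue outside the hunk.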
--- a/tests/unit/script/domstring.rs
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2013 The Servo Project Developers. See the COPYRIGHT
-// file at the top-level directory of this distribution.
-//
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-use script::test::DOMString;
-
-#[test]
-fn test_domstring_is_valid_floating_point_number_string_leading_whitespace() {
- assert!(!DOMString::from("\t1").is_valid_floating_point_number_string());
- assert!(!DOMString::from("\n1").is_valid_floating_point_number_string());
- // \x0C - form feed
- assert!(!DOMString::from("\x0C1").is_valid_floating_point_number_string());
- assert!(!DOMString::from("\r1").is_valid_floating_point_number_string());
- assert!(!DOMString::from(" 1").is_valid_floating_point_number_string());
-}
diff --git a/tests/unit/script/lib.rs b/tests/unit/script/lib.rs
index 434992ad954..4b258ede7d0 100644
--- a/tests/unit/script/lib.rs
+++ b/tests/unit/script/lib.rs
@@ -2,8 +2,6 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-#[cfg(test)]
-mod domstring;
 #[cfg(test)]
 mod headers;
 #[cfg(test)]