Closed Bug 1686765 Opened 3 years ago Closed 3 years ago

Implement spec-compliant newline normalization in form payloads


(Core :: DOM: Forms, task)




90 Branch
Tracking Status
firefox90 --- fixed


(Reporter: andreu, Assigned: andreu)



(Keywords: dev-doc-complete)


(1 file)

Spec PRs:, (still under review)
Test PRs:, (still under review)

The HTML spec is changing the way form payloads are handled to be more specific and match implementations better, in particular around newline normalization and escaping in multipart/form-data payloads. specifies the exact escaping implementations must use for multipart/form-data forms: percent-encoding newlines and double quotes. This goes against Firefox's behavior of replacing newlines with a space and escaping double quotes with a backslash. See the tests FileAPI/file/send-file-form-controls.html and FileAPI/file/send-file-form-punctuation.html. changes the way newline normalization works: for multipart/form-data, the spec used to require that form entries which originated from forms were normalized (names and string values, but not filenames or file contents), but not entries added through other means (such as by populating a FormData object from JS, or by modifying the entry list from JS through the formdata event). Now all form entries must be normalized. See FileAPI/file/send-file-formdata-controls.html.

John, is this something you want to fix (at least the changes that are no longer under review)? (And perhaps you're also interested in giving feedback on the proposed changes to these algorithms.)

Component: General → DOM: Forms
Flags: needinfo?(jdai)
Product: Firefox → Core

This doesn't seem like a hard fix, so I'd like to take it up if that's okay. I would appreciate jdai's review here and on the WHATWG PR, though.

I'll take a look. Keep NI for tracking.

See Also: → 1687820
Severity: -- → S3

It seems like the HTML pull request is close to being merged, so John, if you have any feedback, please go ahead and give it.

Ever confirmed: true
See Also: → 1697292

This commit also changes the way escapes work in multipart/form-data names and filenames.

Assignee: nobody → abb

jdai: Could you review the revision?

Pushed by
Update newline normalization in form payloads. r=smaug

This revision had to land together with, since that revision adds the changes needed to the multipart/form-data parser in the WebExtensions API which are needed to get the same result as these changes on the serializer. See bug 1697292. I had linked both revisions, but maybe I got that wrong.

Flags: needinfo?(abb)
Pushed by
Update newline normalization in form payloads. r=smaug
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch
Keywords: dev-doc-needed

Added to release notes.

Flags: needinfo?(jdai)
Blocks: 1556711
You need to log in before you can comment on or make changes to this bug.