Open Bug 561586 Opened 15 years ago Updated 10 months ago

<input type='url'> should check URLs according to URL Standard

Categories

(Core :: DOM: Forms, defect)

Product:
Core
Component:
DOM: Forms
Type:
defect

Tracking

()

People

(Reporter: mounir, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug,
URL
)

Details

(Keywords: html5, parity-chrome)

Attachments

(2 files, 1 obsolete file)

Validation of URL testcase
9.41 KB, text/html
Details
WIP: Bug 561586 - Add some wpt tests for constraint validation for <input type="url".
48 bytes, text/x-phabricator-request
Details | Review
At the moment, <input type='url'> type mismatch constraint validation is using |nsIIOService::NewURI| which not checking URI according to RFC's 3986 and 3987, AFAICT.
You mean NewURI should do more checks? That's bug 19313. Please note, however, that NewURI only succeeds for URL schemes that are registered on the user's system. If the user doesn't have a handler for e.g. tel: or mailto:, it fails, IIRC.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → REOPENED
Depends on: 19313
Resolution: DUPLICATE → ---
Priority: -- → P3
Blocks: html-forms

This might be good to look into once we implement the URL Standard better.

URL: http://dev.w3.org/html5/spec/infrastr...https://html.spec.whatwg.org/multipag...
Component: DOM: Core & HTML → DOM: Forms
Depends on: url
No longer depends on: 19313, iri, 344615
Priority: P3 → P5
Summary: <input type='url'> should check URI's according to RFC's 3986 and 3987 → <input type='url'> should check URLs according to URL Standard
Severity: normal → S3

Our URL standard implementation is now really good, with 97% on the interop score - we're aiming for 99-100 by the end of the year.
Looking at the example code in https://html.spec.whatwg.org/multipage/input.html#url-state-(type%3Durl) in both Chrome and Firefox, I see Chrome's implementation is really close to the reference image - while Firefox doesn't provide suggestions at all.

Clearing priority so this issue gets retriaged.

Severity: S3 → --
Status: REOPENED → NEW
Keywords: parity-chrome
Priority: P5 → --

This isn't really about the suggestions UI, but about validating URL strings. I made a testcase based on https://searchfox.org/mozilla-central/rev/2c3d657cbba5484ccac44443c4417baed7b5fafb/testing/web-platform/tests/conformance-checkers/tools/url.py and it looks like we're still allowing a number of things that shouldn't be allowed (missing // after the scheme for special schemes, non-digit in port, whitespace in various pieces, …).

Severity: -- → S3
Attached file Validation of URL testcase (obsolete) —

To be clear, all the inputs in attachment 9377381 [details] should be green I think.

The value sanitization algorithm for type=url does strip newlines, so the values containing newlines are actually valid.

Attachment #9377381 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: