[meta] Implement value sanitizations for different input modes

[KiChjang]

#18262 laid the groundwork for this, but we're still missing value sanitizations for:

• Date type inputs (#19385)
• Month type inputs (#19385)
• Week type inputs (#19559)
• Time type inputs (#19379)
• Date-time type inputs (#19602)
• Number type inputs and range type inputs (#19730, #19761)
• Color type inputs (#19330)
• E-Mail type inputs

All of the missing algorithms above are expected to be implemented in this function:

servo/components/script/dom/htmlinputelement.rs

Lines 1125 to 1190 in 6e844f2

	// https://html.spec.whatwg.org/multipage/#value-sanitization-algorithm
	fn sanitize_value(&self, value: &mut DOMString) {
	match self.input_type() {
	InputType::Text | InputType::Search | InputType::Tel | InputType::Password => {
	value.strip_newlines();
	},
	InputType::Url => {
	value.strip_newlines();
	value.strip_leading_and_trailing_ascii_whitespace();
	},
	InputType::Date => {
	if !value.is_valid_date_string() {
	value.clear();
	}
	},
	InputType::Month => {
	if !value.is_valid_month_string() {
	value.clear();
	}
	},
	InputType::Week => {
	if !value.is_valid_week_string() {
	value.clear();
	}
	},
	InputType::Color => {
	let is_valid = {
	let mut chars = value.chars();
	if value.len() == 7 && chars.next() == Some('#') {
	chars.all(|c| c.is_digit(16))
	} else {
	false
	}
	};
	if is_valid {
	value.make_ascii_lowercase();
	} else {
	*value = "#000000".into();
	}
	},
	InputType::Time => {
	if !value.is_valid_time_string() {
	value.clear();
	}
	},
	InputType::DatetimeLocal => {
	if value
	.convert_valid_normalized_local_date_and_time_string()
	.is_err()
	{
	value.clear();
	}
	},
	InputType::Number => {
	if !value.is_valid_floating_point_number_string() {
	value.clear();
	}
	},
	// https://html.spec.whatwg.org/multipage/#range-state-(type=range):value-sanitization-algorithm
	InputType::Range => {
	value.set_best_representation_of_the_floating_point_number();
	},
	_ => (),
	}
	}

The implementation for these value sanitizations are given by the spec, which I have linked accordingly. When each of these are implemented, some subtests under tests/wpt/web-platform-tests/html/semantics/forms/the-input-element/type-change-state.html should be expected to PASS instead. Some other tests under the same directory may also pass as a result of a correct implementation.

If you want to help out with this, please comment on this issue or reach out on IRC (#servo in irc.mozilla.org), and we'll find one which is interesting to you; or, you can also file an issue and mention this one, and I'll get it assigned to you.

[highfive]

Hi! If you have any questions regarding this issue, feel free to make a comment here, or ask it in the #servo channel in IRC.

If you intend to work on this issue, then add @highfive: assign me to your comment, and I'll assign this to you. 😄

[tigercosmos]

@highfive: assign me

[highfive]

Hey @tigercosmos! Thanks for your interest in working on this issue. It's now assigned to you!

[tigercosmos]

@KiChjang Can I divide it to several parts and solve them one by one? Maybe two or three?

[KiChjang]

@tigercosmos Sure! Just comment and make a list of the ones that you'd like to solve.

[KiChjang]

Keeping this open for other potential contributors.

[tigercosmos]

Seems min max step attributes have not implemented?
Where I guess it should be in:

servo/components/script/dom/htmlinputelement.rs

Lines 896 to 899 in a3f2fae

	fn attribute_mutated(&self, attr: &Attr, mutation: AttributeMutation) {
	self.super_type().unwrap().attribute_mutated(attr, mutation);
	match attr.local_name() {

[KiChjang]

That is incorrect. I can find them under the HTMLInputElementMethods trait implementation.

servo/components/script/dom/htmlinputelement.rs

Lines 496 to 500 in 33fa728

	// https://html.spec.whatwg.org/multipage/#dom-input-max
	make_getter!(Max, "max");
	// https://html.spec.whatwg.org/multipage/#dom-input-max
	make_setter!(SetMax, "max");

[tigercosmos]

That just get the value. But we need to do something? e.g. min should be number.

[KiChjang]

I assume the reason why you're asking is because the spec mentions max, min and step attributes should be valid date strings? You can safely ignore that part - the spec is written with different target audiences in mind: HTML authors (which is to say programmers who write HTML) and HTML implementors (us). Those requirements are for HTML authors, since they do not mention how user agents (browsers) should act when they are invalid.

In addition, the spec defines the value sanitization algorithm as "if the value of the element is not a valid date string, then set it to the empty string instead". The max, min and step attribute stuff is not part of the value sanitization algorithm.

The valid date strings algorithm is what you will need to implement, and I think the appropriate place to put that algorithm would be in components/style/attr.rs.

[Eijebong]

Going to do the color one

[KiChjang]

I believe @Eijebong is also working on the number and range type inputs.

[Eijebong]

Right, sorry I forgot to put it there.

[KiChjang]

@tigercosmos I haven't heard back from you for a while, do you need any help? Any questions?

[tigercosmos]

@KiChjang I am stuck in other issues (19280) ... and preparing for midterm exams recently.
I have deleted my declaration before. I will be back later (If this issue is still not fixed)

[tigercosmos]

I am back, and working on Date one

[SWW13]

I'm going to work on the number and range validation.

[tigercosmos]

@SWW13 that one have been picked by @Eijebong

[SWW13]

Oh, missed that. @KiChjang Could you update the initial issue and name the selected parts?

[tigercosmos]

I believe these are unassigned:

• Month type inputs
• Week type inputs
• Time type inputs
• Date-time type inputs

But some would be related to Date one, so I suggest choose those after Date done.

[SWW13]

Then I'll work on the time validation if you don't mind @tigercosmos? That should not be related to the Date input.

[tigercosmos]

That would be great!
Good luck ：)

[KiChjang]

I'd rather not, most of the string parsing/validation logic is located in str.rs, I'd rather not move them around unnecessarily.

[tigercosmos]

@Eijebong Are you still working on number and range type inputs?

[tigercosmos]

I just found that @SWW13' s time implement is not completed.
both parse a time string and parse a time component are not implemented.
I will do it, and then I can continue the other parts.

[tigercosmos]

Date-time type inputs has opened a PR #19602

[NLincoln]

I've started working on basic support for type=number. I have all of the pre-existing tests passing, just need to update the test manifest (I might be asking about that on IRC tonight actually... there were some errors when I ran it this morning). Once that's done I'll open a PR.

My code is here. I used the standard f64 parser, just with a few changes where the browser spec is stricter than what rust allows. Is this approach Ok?

Currently I don't handle the min, max, or step attributes. I figured I'd reserve those for a future PR.

[tigercosmos]

@NLincoln this issue doesn't need to handle min, max, or step. I think you can open PR and that would be easier to discuss about the code.

[NLincoln]

👍 I just opened one.

[tigercosmos]

let me finish the last one range type inputs
@highfive: assign me

[highfive]

Hey @tigercosmos! Thanks for your interest in working on this issue. It's now assigned to you!

[tigercosmos]

I have opened the last one PR in this issue.
Once #19761 finished, this will closed.

[CYBAI]

Is E-Mail sanitization missing for this meta issue?

Ref: https://html.spec.whatwg.org/multipage/input.html#e-mail-state-(type=email)

[tigercosmos]

Yes, let's reopen the issue.

[KiChjang]

I've instead filed #21810, which contains other things that also needs attention for value sanitization.