[whatwg] Comments on Web Forms 2.0 Working Draft

Christian Schmidt whatwg.org at chsc.dk
Sun Jun 6 10:02:16 PDT 2004

I work as a web programmer. I have read the Web Forms 2.0 Working Draft of
3 June 2004 proposition with great interest. A few comments and

- I am not sure, when setValidity() is expected to be set, but it should
probably be done in onchange or oninput. At the same time, an appropriate
error message should be generated and stored somewhere, so that it can be
displayed in oninvalid. How about adding an onvalidate event, so that
authors can encapsulate validation and error message generation in one

- And how about supplying a way to display a user defined error message in
the same way as the built-in error messages are? This could be done by
adding an errorMessage property to the event object whose value initially
is the standard error message for the current ERROR_* constant(s). The
errorMessage property could then be altered in the above mentioned
onvalidate event handler, either if the input fails some user-defined
validation, or if the author wishes to create a more detailed error
message than the standard error message (it is hard for a computer to
explain a user, why their input doesn't match a particular regular
expressions). If validity is 0 when errorMessage is set, perhaps validity
should automatically be set to ERROR_USER_DEFINED.

This example illustrates the above suggestions - it makes a user-defined
validation of the input, changes the standard error message in case the
pattern is not matched, and if the input passes the user-defined
validation and matches the pattern, it proceeds to the UAs own validation,
including the maxlength-check:

<label>Choose a password
    <input type="password" pattern=".{3,}" name="password"
     maxlength="12" onvalidate="verifyPassword(event)">
<script type="text/javascript">
function verifyPassword() {
    if (event.target.value == event.target.form.elements.username.value) {
        event.errorMessage = 'Your password may not be the same as your
    } else if (event.target.validity &
               event.target.form.ERROR_PATTERN_MISMATCH) {

        event.errorMessage = 'Your password should be at least 3 characters';

- The table in section B specified that the pattern attribute applies to
<input type="pattern">, but password is not among the types mentioned in
the first paragraph of section 2.9.

- It may be relevant to specify how to deal with IDN domain names in
<input type="email"> and <input type="url"> - should they be allowed,
converted in the client or sent to the server in their original character

- With respect to <input type="email"> and <input type="url">, it may be
relevant to explicitly specify, whether any syntactically valid email
address/URI should be allowed, or if the client may/should also try to
determine whether the email/URI is live and working, e.g. do DNS lookups.
In practice, a lot of users seem to have trouble remembering even their
own email address, so sometimes it is useful with as many sanity checks as


More information about the whatwg mailing list