[whatwg] form validation of values that aren't entered by the user

Hallvord Reiar Michaelsen Steen hallvord at hallvord.com
Wed Feb 1 04:49:47 PST 2006

I've already brought up this issue because of the kayak.com search 
fields with a maxlength smaller than the length of the strings 
scripts would insert into the input elements. I'd like to discuss 
things more generally: it is a serious UI and usability problem to 
validate values that are not entered by the user: how am I supposed 
to understand the problem if the UA tells me I typed too much text in 
a box I never typed anything into? It becomes a serious problem with 
legacy applications when we extend the meaning of MAXLENGTH. I'm 
pretty sure we'll find code like <input readonly maxlength="5" 
value="Hello world"> - the user has no chance of submitting that 

There are two cases if non-user-caused invalidity: invalid content 
can be sent from server as the default attribute, and invalid states 
may be created from scripts.

I suggest that 
1) willValidate should exclude readonly controls. Nothing the user 
can do about those anyway.

2) We should ignore maxlength errors for default values. Something 
like the following pseudokode:

if current value length > maxlength
    if current value != default value
    // user changed text not according to restrictions
   show validation error messag
else// assuming author error. ignore. and submit form anyway

And of course I hope my earlier suggestion to fire onsubmit *after* 
validation will be taken into the spec :-)
Hallvord Reiar Michaelsen Steen

More information about the whatwg mailing list