[whatwg] including <output> in form submissions
Ian Hickson
ian at hixie.ch
Tue Feb 21 14:48:12 PST 2012
On Tue, 13 Sep 2011, Michael Gratton wrote:
>
> HTML5 does not provide a means of submitting form content that is
> otherwise rendered as normal text, i.e. not as a form control. The use
> cases for this are the same as for the <output> element, but when it is
> also desirable for the result of a calculation to be sent to the server
> when the form is submitted.
>
> Currently, the only way to implement this is to maintain two copies of
> the value, one the child text of an <output> element (or something
> similar, for example a <td> or <span>) and once in the value of an
> <input type="hidden"> element, using appropriate scripting to keep the
> two in sync. This is error prone and places an additional burden on the
> web page author.
>
> This can be remedied by allowing the value of <output> elements to be
> submitted. That is, include the <output> element in the submittable
> form-associated element category.
>
> I initially thought that this was precisely what the <output> element
> existed for - it was rather surprising when I tried using them but none
> of the values were appearing in the submission.
You can work around this by just assigning the value to a hidden input
when you assign it to the output control.
But in general, I recommend against this. Anything that can be computed
should be computed on the server to obtain the canonical value, otherwise
you open yourself up to attackers sending you inconsistent data.
On Wed, 14 Sep 2011, Michael Gratton wrote:
>
> [As an aside, it just occured to me that it would also be helpful if
> <output> supported the "type" attribute, for most of the same values as
> <input> now does in HTML5, for much the same reason as it makes sense
> for <input>.]
It makes sense for <input> because it lets the browser know what interface
to give to the user to let the user change the value... How does that make
sense for <output>?
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list