Html: Unblacklist HTML5 form validation attributes

We blacklisted them in 2010. Modern browsers support them fairly well,
and it doesn't seem to conflict with any of our code.

I tested this with SecurePoll poll creation form, which contains an
astonishingly wide range of form controls and validation options.

Change-Id: I08244addcf9b6eb96137895f28e7b750914fef5c

diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 116ef31..4174876 100644 (file)
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -46,6 +46,10 @@ production.
   of the page being parsed.
 * Added JavaScript that provides as-you-type suggestions for reason
   on the block, delete and protect forms.
+* HTML5 form validation attributes will no longer be suppressed. Originally
+  browsers had poor support for them, but modern browsers handle them fine.
+  This might affect some forms that used them and only worked because the
+  attributes were not actually being set.
 
 === External library changes in 1.29 ===
 
@@ -171,6 +175,7 @@ changes to languages because of Phabricator reports.
 * Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed.
 * Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed.
 * RedisConnectionPool::handleException (deprecated since 1.23) was removed.
+
 == Compatibility ==
 
 MediaWiki 1.29 requires PHP 5.5.9 or later. There is experimental support for

diff --git a/includes/Html.php b/includes/Html.php
index 0b6b655..b46ea81 100644 (file)
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -485,22 +485,6 @@ class Html {
                        // and better compression anyway.
                        $key = strtolower( $key );
 
-                       // Bug 23769: Blacklist all form validation attributes for now.  Current
-                       // (June 2010) WebKit has no UI, so the form just refuses to submit
-                       // without telling the user why, which is much worse than failing
-                       // server-side validation.  Opera is the only other implementation at
-                       // this time, and has ugly UI, so just kill the feature entirely until
-                       // we have at least one good implementation.
-
-                       // As the default value of "1" for "step" rejects decimal
-                       // numbers to be entered in 'type="number"' fields, allow
-                       // the special case 'step="any"'.
-
-                       if ( in_array( $key, [ 'max', 'min', 'pattern', 'required' ] )
-                               || $key === 'step' && $value !== 'any' ) {
-                               continue;
-                       }
-
                        // https://www.w3.org/TR/html401/index/attributes.html ("space-separated")
                        // https://www.w3.org/TR/html5/index.html#attributes-1 ("space-separated")
                        $spaceSeparatedListAttributes = [

diff --git a/tests/phpunit/includes/HtmlTest.php b/tests/phpunit/includes/HtmlTest.php
index e2ee193..b7249e5 100644 (file)
--- a/tests/phpunit/includes/HtmlTest.php
+++ b/tests/phpunit/includes/HtmlTest.php
@@ -633,35 +633,6 @@ class HtmlTest extends MediaWikiTestCase {
                return $ret;
        }
 
-       /**
-        * @covers Html::expandAttributes
-        */
-       public function testFormValidationBlacklist() {
-               $this->assertEmpty(
-                       Html::expandAttributes( [
-                               'min' => 1,
-                               'max' => 100,
-                               'pattern' => 'abc',
-                               'required' => true,
-                               'step' => 2
-                       ] ),
-                       'Blacklist form validation attributes.'
-               );
-               $this->assertEquals(
-                       ' step="any"',
-                       Html::expandAttributes(
-                               [
-                                       'min' => 1,
-                                       'max' => 100,
-                                       'pattern' => 'abc',
-                                       'required' => true,
-                                       'step' => 'any'
-                               ],
-                               'Allow special case "step=any".'
-                       )
-               );
-       }
-
        public function testWrapperInput() {
                $this->assertEquals(
                        '<input type="radio" value="testval" name="testname"/>',