From 61891ada50f1407778292cf104c595192f73b17c Mon Sep 17 00:00:00 2001 From: Vincent Sanders Date: Fri, 22 Feb 2019 21:11:34 +0000 Subject: validate the form button element type attribute as per spec https://html.spec.whatwg.org/multipage/form-elements.html#attr-button-type says if the type attribute is anything but "reset" or "button" it is of "submit" type. The previous logic was incorrect and only used the button if its type was explicitly submit and noting else. --- content/handlers/html/form.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/content/handlers/html/form.c b/content/handlers/html/form.c index 5a915b84e..3d787e762 100644 --- a/content/handlers/html/form.c +++ b/content/handlers/html/form.c @@ -1018,6 +1018,8 @@ form_dom_to_data_input(dom_html_input_element *input_element, /** * process form HTMLButtonElement into multipart data. * + * https://html.spec.whatwg.org/multipage/form-elements.html#the-button-element + * * \param button_element The form button DOM element to convert. * \param form_charset The form character set * \param doc_charset The document character set for fallback @@ -1044,7 +1046,7 @@ form_dom_to_data_button(dom_html_button_element *button_element, &element_disabled); if (exp != DOM_NO_ERR) { NSLOG(netsurf, INFO, - "Unabe to get disabled property. exp %d", exp); + "Unable to get disabled property. exp %d", exp); return NSERROR_DOM; } @@ -1053,15 +1055,25 @@ form_dom_to_data_button(dom_html_button_element *button_element, return NSERROR_OK; } - /* only submit buttons can cause data elements */ + /* get the type attribute */ exp = dom_html_button_element_get_type(button_element, &inputtype); if (exp != DOM_NO_ERR) { NSLOG(netsurf, INFO, "Could not get button element type"); return NSERROR_DOM; } - if (!dom_string_caseless_isequal(inputtype, corestring_dom_submit)) { - /* multipart data entry not required for non submit buttons */ + /* If the type attribute is "reset" or "button" the element is + * barred from constraint validation. Specification says + * default and invalid values result in submit which will + * be considered. + */ + if (dom_string_caseless_isequal(inputtype, corestring_dom_reset)) { + /* multipart data entry not required for reset type */ + dom_string_unref(inputtype); + return NSERROR_OK; + } + if (dom_string_caseless_isequal(inputtype, corestring_dom_button)) { + /* multipart data entry not required for button type */ dom_string_unref(inputtype); return NSERROR_OK; } -- cgit v1.2.3