[Form] Allow more permissive form input name and ID #53981
Conversation
8b45fe1 to
3239eb8
Compare
|
PR is ready. doctrine-bridge test fails because it still uses old |
nicolas-grekas
left a comment
There was a problem hiding this comment.
LGTM, just some tweaks please
…sispts) This PR was merged into the 5.4 branch. Discussion ---------- [DoctrineBridge] Drop a test case in `EntityTypeTest` | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exists, explain below instead --> | License | MIT This PR will drop a test case as suggested by `@nicolas`-grekas. See: #53981 (comment) Commits ------- f6506aa Drop test case
d6740c2 to
0312392
Compare
0312392 to
534ea18
Compare
|
Rebased and ready |
| final public static function isValidName(?string $name): bool | ||
| { | ||
| return '' === $name || null === $name || preg_match('/^[a-zA-Z0-9_][a-zA-Z0-9_\-:]*$/D', $name); | ||
| return ('' === $name || null === $name || preg_match('/^[a-zA-Z0-9_\-:]*$/D', $name)) && 'isindex' !== $name; |
There was a problem hiding this comment.
Why do we fordbid isindex now? This is a BC break if I don’t miss anything.
There was a problem hiding this comment.
Because isindex is not allowed in HTML5.
Yeah, it's a BC break. Any idea how to handle this case?
There was a problem hiding this comment.
Let‘s deprecate it in 7.1 and don’t accept it in 8.0.
There was a problem hiding this comment.
I think this is wrong though. Most of the Symfony form names could use isindex without issue. The HTML restriction would only forbid us to generate a full name equal to isindex, while root[isindex] is perfectly valid in HTML (remember that the Symfony form name is not used directly as the HTML name, but is involved in generating it)
There was a problem hiding this comment.
Just adding that it's not only isindex, but also _charset_, see https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#attr-fe-name
An ASCII case-insensitive match for the name
_charset_is special: if used as the name of a Hidden control with no value attribute, then during submission the value attribute is automatically given a value consisting of the submission character encoding.
| // number, otherwise naming fields by collection indices is not | ||
| // possible. | ||
| // For root forms, leading digits will be stripped from the | ||
| // "id" attribute to produce valid HTML4. |
| ['isINDEX'], | ||
|
|
||
| // This value shouldn't be allowed. | ||
| // However, many tests in Form component require empty name |
There was a problem hiding this comment.
This comment is wrong to me. The fullname of a non-compound field should not be empty (as HTML form inputs will need a non-empty name). But this is not what is validated by the validation you run here.
For instance, a perfectly valid use case is to have an empty name for the root form, so that names of fields look like field1 and not root[field1].
| // Strip leading underscores and digits. These are allowed in | ||
| // form names, but not in HTML4 ID attributes. | ||
| // https://www.w3.org/TR/html401/struct/global#adef-id | ||
| $id = ltrim($id, '_0123456789'); |
There was a problem hiding this comment.
If this change is kept (which I think is good - see my answer at #53976 (comment) ), then it's a BC break and therefore should target v8.0.
|
@asispts This PR looks stale, are you still willing to work on this PR? |
Changes in this PR:
testNameAcceptsOnlyNamesValidAsIdsInHtml4has been split into 2 functions:testInvalidFormInputNameandtestValidFormInputName,isindexas an input name.