HTML5 compliant form attributes #6271
Conversation
According to W3C specification, form ‘action’ attribute can’t be empty in HTML5 — but now, is optional. So, if the form doctype is ‘HTML5’ or ‘XHTML5’, the form action isn’t set as an empty string. Also, if either doctypes are detected, form ‘method’ attribute is not set to ‘get’ by default, as some applications may use only ‘formmethod’ attribute on submit buttons (according to W3C, “missing value default for the method attribute is also the GET state” — and this is valid since HTML 2.0). Reference: - http://www.w3.org/TR/html5/forms.html#attr-fs-action - http://www.w3.org/TR/html5/forms.html#attr-fs-method
| ); | ||
| $doctype = $this->getDoctype(); | ||
|
|
||
| if ('HTML5' !== $doctype && 'XHTML5' !== $doctype) { |
There was a problem hiding this comment.
Can you check if there's a constant for HTML5 and XHTML5 here?
|
@Ocramius you're right, I missed that one. |
|
A year ago I reported the same issue and it was closed: #3992 I hope this PR gets accepted 👍 |
|
@Martin-P that previous PR was using a superglobal to get the current URI as submit path. An empty URI is better here. No additional deps were introduced either, which is good. |
|
@Ocramius It was not a PR, it was just a bug report to address the issue. But good to see this bug is getting fixed now 😃 |
|
This will land in develop only, as it is not really a bug. |
|
Merged |
|
@Ocramius This was misinterpreted i guess. It would be good to revert. http://www.w3.org/TR/html5/forms.html#form-submission-algorithm
Angular.js has a behavior that calls preventDefault on the forms that doesn't have an action specified. It doesnt do anything if the action is empty. My best guess is that an empty string is not considered a specification of a value, because it says , if specified, it only accepts VALID NON-EMPTY URL (but a empty string would be ok if not considered a specification). It doesn't make much sense to say that only valid non-empty urls will be accepted and say that if there is a empty string, the document address should be used. This was working perfectly fine in zf 2.3.x. and now i must specify a url in all the actions. |
Perhaps you can describe the difference between an empty url and an empty string (with examples)? |
|
@Martin-P I'm not saying these are different things. I'm saying the empty string might not be considered a url specification. If you take a look at the given example, you'll see that the html5 docs also say about an empty string being a valid declaration, otherwise it wouldn't be written in item 8 of form submission algorithm. |
|
The specification says:
If an empty url and an empty string are considered the same thing, this means What you are referring to is what HTML5 should do when a particular situation is encountered, it says nothing about the fact if it is allowed or not. The complaint of previous versions of HTML was that browsers made up their own rules, because the specification did not specify what action should be taken in certain (unexpected) situations. One of the goals of the HTML5 specification is to describe what should be done in such a situation to prevent browsers making up their own rules once again. |
|
@Martin-P You're telling me that the specification says what should be done by browsers if a not valid html5 declaration is found and this behavior is to treat the issue like it wasn't there by assuming the document address is the required action? If this document is telling browsers SHOULD use the document address when they find a EMPTY STRING, the this is a valid setting, otherwise the recommended behavior was going to be DO NOTHING BECAUSE THIS IS NOT VALID. Go to complain with folks at Google, because they're treating empty strings as valid HTML5 specification when allowing the form to be submited only with action set to empty or valid URL in angular.js. Of course, they misunderstood the specs too. |
The document describes what procedure should be followed. If that procedure describes what should be done with certain values, this does not mean that value is valid. An example to clarify this: |
|
A better example would be: It makes no sense to have strategies to a behavior that MUST NOT happen. |
|
My point is: when a situation is described it does not automatically mean that the situation is valid.
It does not allow a behavior, it merely describes what should happen when such a situation is encountered. Please see: 1.10 Conformance requirements for authors
This part clearly states processing for both valid and invalid documents is handled in the specification. |
|
Ok, i got your point
None of the examples given in that chapter is even close with this subject we're discussing. |
|
We are discussing an emtpy string as value for the |
|
@Martin-P The specs are not even close to be clear about this. This 1.10 section is very clear, but it exemplifies the text you quoted above with problems like invalid markup, boolean attribute values, typos, etc.... Nothing even close to a empty form action. You are assuming a empty string is a action specification, but if i'm not wrong (and i admit i can be), a empty string is not specifying anything, but the absence of a specification, and the rule says If your interpretation of the specs is correct, the interpretation of the folks from Angular.js isn't. @IgorMinar, @mhevery, @mzgol this discussion might be of your interest. |
An example of invalid markup: |
|
@Martin-P Where in the specs it is saying an empty action is invalid markup? |
|
Here it says an empty action is invalid markup: http://www.w3.org/TR/html5/forms.html#attr-fs-action
|
|
Its not saying that. Its saying that anything, if specified, that is not considered a valid non-empty URL, potentially surrounded by spaces, is invalid markup. But if you don't interpret that empty string is a specification, then it is valid markup. But OK, I guess you convinced me. That means that Angular.js is preventing the form submission when no action is set, which is then valid markup, and causes any form in a Angular.js enabled page to stop working. |
|
Just test an empty value on W3C validator and it'll point that an action attribute must be non-empty. |
|
@sbtoledo nice point. |
|
W3C Validator is just a "linter". Don't forget that. You don't have to change any code just because the "validator" throw a warning or anyelse |
|
Can somebody give me a tl;dr summary, please? Does anything need to change currently in ZF2? If so, what? |
|
@weierophinney: |
|
Angular extends HTML, it doesn't care—neither have to care—with W3C standards. I suggest that if you need an empty action value, just set an empty string before rendering the form. |
|
If you are already relying on javascript, another possibility is to let javascript check the forms and add an empty action value if none present. That way you do not have to change anything about the way ZF2 renders the form. |
|
@Martin-P Yes, i'm actually doing that right now. But i guess its not necessary to prevent default submit when no action attribute is set, and this is something angular is doing. I created a issue there complaining about this. I agree with you. I'm sorry to be so insistent. zf2 is correct. |
|
@fabiocarneiro No need to be sorry for insistence, I can be insistent as well 😉 I think it is a good thing to stand behind your standpoint 👍 |
According to W3C specification, ‘action’ is an optional attribute and can’t be empty in HTML5. So, if the form doctype is ‘HTML5’ or ‘XHTML5’, the ‘action’ attribute isn’t set as an empty string by default. Also, if either doctypes are detected, form ‘method’ attribute is not set to ‘get’ by default, as some applications may implement submit buttons that use ‘formmethod’ attribute, making form ‘method’ redundant or useless (according to W3C, “missing value default for the method attribute is also the GET state” — and have been since HTML 2.0).
Reference: