input with type="number" allows alphabetic characters

Issue #10792541 • Assigned to Bogdan B.

Details

Author
Dirk v.
Created
Feb 3, 2017
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
38.14393
Reports
Reported by 6 people

Sign in to watch or report this issue.

Steps to reproduce

An input with type="number" should only alllow numbers, but typing in alphabetic characters seems to work.

expected behaviour: Alphabetic characters shouldn’t be allowed
current behaviour: Alphabetic characters can be put into number input fields
steps to reproduce: http://codepen.io/anon/pen/wgjyXd

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Status to “Confirmed”

      Changed Assigned To to “Brad E.”

    • http://w3c.github.io/html-reference/input.number.html
      http://w3c.github.io/html-reference/datatypes.html#common.data.float

      Strange, they wrote “value = floating-point number” but define "attribute DOMString defaultValue; attribute DOMString value;". This make no sense for me.
      I would expect float or double:
      attribute double defaultValue;
      attribute double value;

    • Microsoft Edge Team

      Changed Assigned To from “Brad E.” to “James M.”

      Changed Assigned To to “Bogdan B.”

      Changed Status from “Confirmed” to “Won’t fix”

    • @Bogdan B. Can you please provide come context as to why this was closed as won’t fix? The spec says, “represents a precise control for setting the element’s value to a string representing a number.” To me this implies that the field should not accept inputs that would result in it being not-a-number. That interpretation also aligns with other browser implementations. Is there some value in allowing users to input non-numbers into a number input box? Is there some technical complexity that makes sanitizing the input particularly challenging?

      Keep in mind that by not sanitizing the input like other browsers do, it means that every app developer that needs sanitized inputs will now have to write application layer code to do sanitization like they have done historically, rather than the browser doing this incredibly common operation itself. Many of the things added to HTML5 (especially around validation) were to make it so the browser natively handled things that a large number of users were handling at the application layer.

    • Microsoft Edge Team

      Changed Status from “Won’t fix”

    • Reactivating auto-resolved valid bugs reported by web dev community. Those were not expected to be resolved. We apologize for any inconvenience!

    • Microsoft Edge Team

      Changed Assigned To to “Bogdan B.”

    You need to sign in to your Microsoft account to add a comment.

    Sign in