14254 2011-09-22 21:19:49 +0000 insertText has to handle things like \r, \0, etc. sanely 2012-12-04 00:52:57 +0000 1 1 1 Unclassified WebAppsWG HISTORICAL - HTML Editing APIs unspecified All Windows 3.1 NEW P2 minor --- 1 ayg ayg ehsan mike public-webapps sideshowbarker+html-editing-api oldest_to_newest 57187 0 ayg 2011-09-22 21:19:49 +0000 What should happen if you do document.execCommand("inserttext", false, "\0") or something like that? That won't serialize to text/html. Presumably the input needs to be sanitized somehow, but how? The brute-force option is to say you have to apply a function that works like function normalizeText(text) { var span = document.createElement("span"); span.textContent = text; span.innerHTML = span.innerHTML; return span.innerHTML; } This will work, but is there a simpler way? It would be pretty ridiculous to require calling the HTML parsing and serialization algorithms here. I could just require that the results be the same, but that invites bugs. 57222 1 zcorpan 2011-09-23 08:26:12 +0000 The DOM can contain \r and \0 by using e.g. textContent. Why it it a problem for execCommand? 57250 2 ayg 2011-09-23 19:00:44 +0000 Hmm . . . good point. I was aiming to only produce DOMs that serialize as text/html, but if the author is going to go out of their way to have scripts insert bogus stuff like this, no reason we should stand in their way. In that case, I need to update gentest.html so it will generate these tests even though the DOM doesn't serialize. Currently it assumes that such a test is buggy and skips generating it. 57253 3 ehsan 2011-09-23 19:15:05 +0000 FWIW, what Gecko does is that it doesn't store \r's in the DOM, but it stores every other character as passed in. And the only reason we handle \r's specially is to avoid the line-breaking hell across multiple platforms.