Make WordPress Core

Opened 5 years ago

Last modified 9 months ago

#47595 new enhancement

Re-evaluate whether comment form should still get the HTML5 novalidate attribute

Reported by: westonruter's profile westonruter Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 3.6
Component: Comments Keywords: has-patch input-validation
Focuses: ui, accessibility, template Cc:

Description (last modified by westonruter)

Given a theme that declares theme support for html5 via:

<?php
add_theme_support(
        'html5',
        array( 'comment-form' )
);

The result is that not only are the HTML5 input types used (e.g. email) but the comment form itself also gets a novalidate attribute added to it. This prevents HTML5 client-side validation from being performed on comment form when submitting which was added due to concerns about browsers implementing validation in very different ways. Nevertheless, this concern was about browsers 9 years ago so it would be worthwhile to see if this is still a problem. (The attribute was added in #15080 via r23689.)

If novalidate remains important to keep there is a case for optionally allowing it to be removed in order to rely only on client-side validation only. The PWA feature plugin adds support for Offline Commenting. This works by having the service worker intercept the POST submission to wp-comments-post.php: it then makes the request, and if it fails fails due to the user being offline, the service worker will replay it later when the user comes back online via the BackgroundSync API. However, if client-side validation was not performed then it is possible the user omitted a required field or provided a bad email address, so when they do come back online and the comment is synced, the server would then reject it and it would be more difficult for the user then to find out that their previously-posted comment actually failed. If no filter is available for removing the novalidate attribute, then it has to get removed via hacks like using JS or via PHP with output buffering.

But again, is there still a case for adding the novalidate attribute in the first place? Is not client-side validation a better user experience (if browsers now are now consistent in validation)? For that matter, is there even a case for the format attribute and shouldn't HTML5 always be used?

Attachments (3)

47595-novalidate_form-argument.0.diff (2.7 KB) - added by westonruter 5 years ago.
Option 1: Add a novalidate_form argument to allow the novalidate attribute to be omitted
47595-remove-novalidate-form-attr.0.diff (850 bytes) - added by westonruter 5 years ago.
Option 2: Remove form novalidate attribute altogether
47595-use-html5-exclusively-and-remove-novalidate.0.diff (5.0 KB) - added by westonruter 5 years ago.
Option 3: Eliminate format argument entirely in favor of using HTML5 only, while also removing novalidate form attribute since browsers should be consistent

Download all attachments as: .zip

Change History (20)

@westonruter
5 years ago

Option 1: Add a novalidate_form argument to allow the novalidate attribute to be omitted

@westonruter
5 years ago

Option 2: Remove form novalidate attribute altogether

@westonruter
5 years ago

Option 3: Eliminate format argument entirely in favor of using HTML5 only, while also removing novalidate form attribute since browsers should be consistent

#1 @westonruter
5 years ago

  • Keywords has-patch added

#2 @westonruter
5 years ago

  • Description modified (diff)

#3 @afercia
5 years ago

  • Keywords input-validation added

See #47505, which proposes to implement a comprehensive user input validation API. I guess that should take into considerations also forms used on the front end, like the post comments one.

#4 @SergeyBiryukov
5 years ago

#47728 was marked as a duplicate.

This ticket was mentioned in Slack in #accessibility by afercia. View the logs.


5 years ago

This ticket was mentioned in Slack in #accessibility by afercia. View the logs.


5 years ago

#7 @afercia
5 years ago

  • Milestone changed from Awaiting Review to Future Release

Discussed during today's accessibility bug-scrub and agree to move this ticket to Future Release. Probably the first thing to do would be some research to see what the current support from assistive technologies is. This could be a nice, first, task to evaluate further actions.

#8 @SergeyBiryukov
5 years ago

#42661 was marked as a duplicate.

#9 @SergeyBiryukov
5 years ago

#47875 was marked as a duplicate.

#10 @SergeyBiryukov
5 years ago

#49039 was marked as a duplicate.

#11 @guddu1315
5 years ago

As explained in my ticket here: #49039
We can keep JavaScript validation on the form. So the user does not redirect to

wp-comments-post.php

And validation messages are shown on the same page.

Last edited 5 years ago by SergeyBiryukov (previous) (diff)

#12 @pfefferle
4 years ago

What about at least a filter, to have a quick win? I think there are a lot of folks that are happy to use the browser validation for their themes (including me).

Last edited 4 years ago by pfefferle (previous) (diff)

#13 @afercia
4 years ago

Related: #32510.

#14 @oglekler
20 months ago

This error message looks obsolete and needs to be avoided as much as possible for not to spoil a good impression upon users. Let's make JS validation or remove "novalidate" attribute. Both solutions look not very complicated. If there are some concerns from the accessibility perspective, it's better to ask accessibility team how it can be done better. The third possibility is a hook to get developers an opportunity to decide for themselves, but from my perspective this is unnecessary complication to many developers when this can be solved in the root.

Last edited 20 months ago by oglekler (previous) (diff)

This ticket was mentioned in Slack in #accessibility by sabernhardt. View the logs.


18 months ago

#16 @sabernhardt
14 months ago

#58968 was marked as a duplicate.

#17 @bugnumber9
9 months ago

The default behavior is indeed anything but good UX in 2024.

It was mentioned in https://core.trac.wordpress.org/ticket/49039#comment:4 that 27% of browsers in use don't support the required attribute, but that was 4 years ago.
As of today, more than 97% of browsers in use support it: https://caniuse.com/mdn-api_htmlinputelement_required

Note: See TracTickets for help on using tickets.