Re-evaluate whether comment form should still get the HTML5 novalidate attribute

[westonruter]

Given a theme that declares theme support for html5 via:

<?php
add_theme_support(
        'html5',
        array( 'comment-form' )
);

The result is that not only are the HTML5 input types used (e.g. email) but the comment form itself also gets a novalidate attribute added to it. This prevents HTML5 client-side validation from being performed on comment form when submitting which was added due to concerns about browsers implementing validation in very different ways. Nevertheless, this concern was about browsers 9 years ago so it would be worthwhile to see if this is still a problem. (The attribute was added in #15080 via r23689.)

If novalidate remains important to keep there is a case for optionally allowing it to be removed in order to rely only on client-side validation only. The ​PWA feature plugin adds support for Offline Commenting. This works by having the service worker intercept the POST submission to wp-comments-post.php: it then makes the request, and if it fails fails due to the user being offline, the service worker will replay it later when the user comes back online via the ​BackgroundSync API. However, if client-side validation was not performed then it is possible the user omitted a required field or provided a bad email address, so when they do come back online and the comment is synced, the server would then reject it and it would be more difficult for the user then to find out that their previously-posted comment actually failed. If no filter is available for removing the novalidate attribute, then it has to get removed via hacks like using JS or via PHP with output buffering.

But again, is there still a case for adding the novalidate attribute in the first place? Is not client-side validation a better user experience (if browsers now are now consistent in validation)? For that matter, is there even a case for the format attribute and shouldn't HTML5 always be used?

[westonruter]

Option 1: Add a novalidate_form argument to allow the novalidate attribute to be omitted

[westonruter]

Option 2: Remove form novalidate attribute altogether

[westonruter]

Option 3: Eliminate format argument entirely in favor of using HTML5 only, while also removing novalidate form attribute since browsers should be consistent

[afercia]

See #47505, which proposes to implement a comprehensive user input validation API. I guess that should take into considerations also forms used on the front end, like the post comments one.

[SergeyBiryukov]

#47728 was marked as a duplicate.

[afercia]

Discussed during today's accessibility bug-scrub and agree to move this ticket to Future Release. Probably the first thing to do would be some research to see what the current support from assistive technologies is. This could be a nice, first, task to evaluate further actions.

[SergeyBiryukov]

#42661 was marked as a duplicate.

[SergeyBiryukov]

#47875 was marked as a duplicate.

[SergeyBiryukov]

#49039 was marked as a duplicate.

[guddu1315]

As explained in my ticket here: https://core.trac.wordpress.org/ticket/49039
We can keep JavaScript validation on the form. So the user does not redirect to

wp-comments-post.php

And validation messages are shown on the same page.

[pfefferle]

What about at least a filter, to have a quick win? I think there are a lot of folks that are happy to use the browser validation for their themes (including me).

[afercia]

Related: #32510.