HTML5 was released in 2014 and is the current major version of the Hypertext Markup Language (HTML). HTML is the language that your web-browsers to present content on the web. One of the important features in HTML5 is the increase in the increase in the number of input fields formally supported and the accompanying browser support for these fields. These new input types include email, tel, number, date, time, and color among other types. The accompanied browser functionality includes custom keyboards/input options and local input validation for the input values. Best of all the new input types are backwards compatible with browsers that do not support HTML5. If a browser does not support a given input type the default behavior is to treat the field as a text input type. Developers can implement the newer input types with the knowledge that unsupported browsers will fail gracefully.
The biggest benefit for end users is the increase in ease of use. Especially on mobile platforms where customized keyboards and custom input options make for a better user experience. Some examples include the email type adding "@" and .com to the keyboard, the number type changing the keyboard to only numbers, and the date type using a calendar to pick a date.
For developers the new input types are a double edged sword. On a positive note browsers can now assist in validating form input. Unfortunately the input validation cannot be trusted. The validation on the fields is dependent on which browser is used and is in no way guaranteed to work the same between different browsers. As mentioned before some browsers do not support the new input types and treat the input as text, which has no validation. Browser validation is also easy to bypass using tools to manipulate the values passed to the web server. Most importantly it is never a good idea to trust any input provided by a user or external process. It is a security best practice to always sanitize and validate any input. This practice helps protect against the most common attacks.
I have included several input fields below to let you see how/if your browser of choice supports the new HTML5 input types.
The biggest benefit for end users is the increase in ease of use. Especially on mobile platforms where customized keyboards and custom input options make for a better user experience. Some examples include the email type adding "@" and .com to the keyboard, the number type changing the keyboard to only numbers, and the date type using a calendar to pick a date.
For developers the new input types are a double edged sword. On a positive note browsers can now assist in validating form input. Unfortunately the input validation cannot be trusted. The validation on the fields is dependent on which browser is used and is in no way guaranteed to work the same between different browsers. As mentioned before some browsers do not support the new input types and treat the input as text, which has no validation. Browser validation is also easy to bypass using tools to manipulate the values passed to the web server. Most importantly it is never a good idea to trust any input provided by a user or external process. It is a security best practice to always sanitize and validate any input. This practice helps protect against the most common attacks.
I have included several input fields below to let you see how/if your browser of choice supports the new HTML5 input types.
| Input Type | Example |
|---|---|
| search | |
| url | |
| tel | |
| number | |
| range | |
| date | |
| month | |
| week | |
| time | |
| datetime | |
| datetime-local | |
| color |
Comments
Post a Comment