Closed nesterow closed 5 years ago
Thank you for this PR. The choice to avoid printing the value attributes is due to security reasons. I need to be sure that rendering the value attribute for password inputs via SSR doesn't represent a security leak. Please hold on a bit; I will need to check how other SSR frameworks deal with such dangerous stuff.
Makes sense. I think the value attribute should be presented on input elements at least as an empty string. If there's no value attribute the templates would lose bindings after hydrating. I guess because morphdom calls El.removeAttribute('value') if there weren't values on both inputs.
https://github.com/patrick-steele-idem/morphdom/blob/da08ab419ae21d305bc5cfb38f2f3d6c2152d1c7/src/specialElHandlers.js#L51
Thank you for this patch. I will publish a new release asap.
When the input value is set through a property using JavaScript (input.value = "test") it does not reflect on the HTML attribute "value". So the markup rendered by JavaScript would return no values for <input> elements.
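The two concerns raised in this thread, as an added example that is not code from this PR or from the project: a serializer that always emits a value attribute (so a DOM diff sees one on both sides) but never writes the live value of a password input into the markup. The names `serializeInput`, `escapeAttr` and `SENSITIVE_TYPES` are hypothetical, elements are modelled as plain objects so it runs in Node without a DOM, and treating only `password` as sensitive is an assumption.

```javascript
// Added example. Element model (constructed): { type, attributes, value }
// `value` stands for the DOM property, `attributes.value` for the HTML attribute.

// Input types whose live value must not be written into served HTML (assumption).
const SENSITIVE_TYPES = new Set(['password']);

// Escape a string for use inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Serialize one <input>. Attribute names are assumed to come from the
// template, not from user input, so only attribute values are escaped.
function serializeInput(el) {
  const base = el.attributes || {};
  const attrs = { ...base, type: el.type || base.type || 'text' };
  const sensitive = SENSITIVE_TYPES.has(String(attrs.type).toLowerCase());

  // Always emit a value attribute. Sensitive inputs get an empty string,
  // which also overwrites any secret already stored in attributes.value.
  // Other inputs get the property value, since setting input.value does
  // not update the attribute on its own.
  attrs.value = sensitive ? '' : (el.value ?? base.value ?? '');

  // Sort names so the output is deterministic.
  const parts = Object.keys(attrs)
    .sort()
    .map((name) => `${name}="${escapeAttr(attrs[name])}"`);
  return `<input ${parts.join(' ')}>`;
}

// Constructed sample elements.
const sampleText = { type: 'text', attributes: { name: 'user' }, value: 'test' };
const samplePassword = { type: 'password', attributes: { name: 'pw' }, value: 'hunter2' };

console.log(serializeInput(sampleText));
console.log(serializeInput(samplePassword));
```
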