Reverted Text exceeding maxlength will no longer be truncated when pasted into <input> or <textarea>


Categories: HTML

Releases: Firefox 77


Starting with Firefox 77, <input> and <textarea> HTML elements will no longer automatically truncate pasted or dropped user text, even if the content is longer than the number of characters specified with the maxlength attribute. This change mainly aims at preventing a long password pasted from somewhere else, e.g. a password manager, from being unexpectedly truncated and then saved by the site.

The form control will be marked as invalid if the text is longer than maxlength. The element’s validity DOM object will be updated accordingly, where the valid property will be false, and the tooLong property will be true.

The user will typically see a red border around the text field along with a validation message like “Please shorten this text to 20 characters or less (you are currently using 30 characters),” that can be customized with the setCustomValidity method if needed.

The form cannot be submitted until the user fixes the error, so the server shall not receive an excessively long text or password (a server-side validation has to be put in place anyway.) However, this could potentially affect a front-end implementation if it expects the entered text never to exceed maxlength.

Update: This change has been reverted in Firefox 77 (via remote control) and later, because form.submit() does not directly run the standard validation against invalid values, and therefore applications without proper custom frontend and backend validations might be broken.