Starting with Firefox 77,
<textarea> HTML elements will no longer automatically truncate pasted or dropped user text, even if the content is longer than the number of characters specified with the
maxlength attribute. This change mainly aims at preventing a long password pasted from somewhere else, e.g. a password manager, from being unexpectedly truncated and then saved by the site.
The form control will be marked as invalid if the text is longer than
maxlength. The element’s
validity DOM object will be updated accordingly, where the
valid property will be
false, and the
tooLong property will be
The user will typically see a red border around the text field along with a validation message like “Please shorten this text to 20 characters or less (you are currently using 30 characters),” that can be customized with the
setCustomValidity method if needed.
The form cannot be submitted until the user fixes the error, so the server shall not receive an excessively long text or password (a server-side validation has to be put in place anyway.) However, this could potentially affect a front-end implementation if it expects the entered text never to exceed
Update: This change has been reverted in Firefox 77 (via remote control) and later, because
form.submit() does not directly run the standard validation against invalid values, and therefore applications without proper custom frontend and backend validations might be broken.