HTML validation of non-float values in admin number widgets allows submitting invalid entries to succeed if blank=True

[pawel-steto]

Hello,

Having the following model and associated admin:

from django.db import models

class FooBar(models.Model):
    float_req = models.FloatField()
    float_not_req = models.FloatField(null=True, blank=True)

from django.contrib import admin

from .models import FooBar

admin.site.register(FooBar)

If you:

1. Create an entry with both float fields set
2. In django admin, edit the float_not_req field entering an invalid float (a string for example)
3. Save the model

No issue is shown, the value of the field is overridden and set to None

But If you do the same for the required float field, a validation error is raised and the field is not overridden.

I know it is possible to change this behavior overriding the save/clean logic in django admin but I think this is misleading.

Have a nice day,
Pawel

[Jacob Walls]

Thanks for the ticket. Admin widgets have used type="number" since #27199, with the result that nonsense values get cleaned by the browser to "", and thus never make it to Django.

If this is not desired, a ​workaround is documented (however, and TIL -- novalidate has no effect on type="number", so your workarounds are reduced to just using TextInput.):

If your form includes a URLField, an EmailField or any integer field type, Django will use the url, email and number HTML5 input types. By default, browsers may apply their own validation on these fields, which may be stricter than Django’s validation. If you would like to disable this behavior, set the novalidate attribute on the form tag, or specify a different widget on the field, like TextInput.

If your proposal is to revert #27199, it would present compatibility concerns and should be discussed first on the ​Forum (internals).