From e06196dec86f6d99fda0ed1c5dac3f62e3e34f6d Mon Sep 17 00:00:00 2001
From: qa46hx
Date: Thu, 16 Jul 2020 15:02:51 +0200
Subject: [PATCH] fix(form-core): remove possible untrusted input value callback
---
 packages/form-core/src/LionField.js | 26 +++++++-------------------
 1 file changed, 7 insertions(+), 19 deletions(-)
diff --git a/packages/form-core/src/LionField.js b/packages/form-core/src/LionField.js
index 0491606b8..a65488de4 100644
--- a/packages/form-core/src/LionField.js
+++ b/packages/form-core/src/LionField.js
@@ -41,6 +41,9 @@ export class LionField extends FormControlMixin(
 type: String,
 reflect: true,
 },
+ value: {
+ type: String,
+ },
 };
 }
@@ -79,11 +82,14 @@ export class LionField extends FormControlMixin(
 // if not yet connected to dom can't change the value
 if (this._inputNode) {
 this._setValueAndPreserveCaret(value);
+ this.__value = undefined;
+ } else {
+ this.__value = value;
 }
 }
 get value() {
- return (this._inputNode && this._inputNode.value) || '';
+ return (this._inputNode && this._inputNode.value) || this.__value || '';
 }
 constructor() {
@@ -98,13 +104,6 @@ export class LionField extends FormControlMixin(
 }
 connectedCallback() {
- // TODO: Investigate issue below.
- // Normally we put super calls on top for predictability,
- // here we temporarily need to do attribute delegation before,
- // so the FormatMixin uses the right value. Should be solved
- // when value delegation is part of the calculation loop of
- // FormatMixin
- this._delegateInitialValueAttr();
 super.connectedCallback();
 this._onChange = this._onChange.bind(this);
 this._inputNode.addEventListener('change', this._onChange);
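Review bot: Declaring `value: { type: String }` in the properties map of the first hunk probably makes the `value` attribute observed for the element's whole lifetime, where the removed `_delegateInitialValueAttr()` read it once at connect time. If the base class maps observed attributes onto properties the way LitElement does, any later `setAttribute('value', …)` now reaches the `value` setter and replaces what the user has typed, whereas on a native `<input>` the attribute is only the default value. The attribute therefore remains an input path into the field, so any validation or formatting still has to happen downstream of the setter. If this is intended, say so next to the declaration, e.g. `// 'value' attribute is observed: later attribute changes overwrite the current field value`, and cover it with a test. The properties getter starts outside the hunk.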
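Review bot: The new getter in the second hunk falls back to `this.__value` whenever `this._inputNode.value` is falsy, so a value buffered before connection can be reported while the visible field is empty. `__value` is only cleared when the setter runs with `_inputNode` present, and nothing in the visible part of `connectedCallback()` writes the buffered value into the input node. The form could then submit a value the user cannot see or clear. Consult the buffer only while there is no input node: `if (this._inputNode) { return this._inputNode.value || ''; }` followed by `return this.__value || '';`. Also flush `__value` through the setter once `_inputNode` exists, if that does not already happen outside these hunks.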
@@ -133,17 +132,6 @@ export class LionField extends FormControlMixin(
 }
 }
- /**
- * This is not done via 'get delegations', because this._inputNode.setAttribute('value')
- * does not trigger a value change
- */
- _delegateInitialValueAttr() {
- const valueAttr = this.getAttribute('value');
- if (valueAttr !== null) {
- this.value = valueAttr;
- }
- }
-
 resetInteractionState() {
 if (super.resetInteractionState) {
 super.resetInteractionState();