Chrome truncates prompt pre-filled values longer than 2000 characters

The window.prompt() DOM method creates a simple modal pop-up for user input. The first parameter you pass to it is the text displayed in the prompt, the second allows you to pre-fill a value for the user.

Relying on the fact that you can set the value before the prompt is displayed, I've often used prompt() as a quick and dirty way of both importing and exporting data in early versions of applications I build so I don't have to bother with creating text boxes and other UI elements.

Recently when exporting some JSON out of Chrome using prompt(), I found that FireFox could not read it because the JSON was malformed. At first I thought it might be a bug with Chrome's JSON.stringify implementation. It turns out that it was actually a problem with prompt(). It seems that Chrome will truncate any pre-filled value longer than 2000 characters, taking a chunk out of the middle of the string and replacing it with '...'. This does not seem to affect values entered directly by the user, just ones that were programmatically added. I'm not sure if this is a bug or a "feature" but it is certainly an unexpected behavior.

It could be argued that I'm abusing prompt() by using it as an output vector, but this behavior can be harmful in other less abusive usage cases too. Say an application allows a user to type a value in which is stored, and then uses a prompt() to let them edit it later. When the prompt() pops up if the previously entered string was longer than 2000 characters, it will display a corrupted copy of the value, if the user doesn't notice the change they will edit it and press okay, saving a truncated version over the previously stored full copy.

This behavior can be particularly frustrating to troubleshoot since instead of being done at the end of the string the truncation is done in the middle. Spotting an ellipsis in the middle of a 2000+ character string and realizing something is amiss is not so easy. I was lucky that the data I was exporting/importing was JSON and it came out malformed because of the truncation, if it had not I probably wouldn't have noticed and would have overwritten valid data with an incomplete dataset. Had I been exporting/importing plaintext I'm sure this would have gone unnoticed much longer.

The moral of the story: If you are exporting text in Chrome output it to a <textarea> element so it comes out in the same condition it went in.