[whatwg] The problem of duplicate ID as a security issue

Le Tue, 14 Mar 2006 14:07:01 +0200, Alexey Feldgendler  
<alexey at feldgendler.ru> a ?crit:

> On Tue, 14 Mar 2006 15:13:21 +0600, Ric Hardacre <ric at hardacre.org>  
> wrote:
>
<...>
>
>> perhaps:
>>
>> <body>
>> <div id="id">
>> 	DIV1
>> </div>
>> <sandbox id="mysandbox" >
>> 	<div id="id">
>> 		DIV2
>> 	</div>
>> </sandbox>
>> </body>
>>
>> from outside the sandbox:
>>
>> e = document.getElementById( "id" );
>> //e = DIV1
>>
>> eMSB = document.getElementById( "mysandbox" )
>> e = eMSB.getElementById( "id" );
>> //e = DIV2
>>
>> from within the sandbox:
>>
>> var e = document.getElementById( "id" );
>> //e = DIV2
>
> That's exactly what I meant.

I've made a short "investigation" regarding how browsers behave with  
document.getElementById('a-duplicate-ID').

The page:
http://www.robodesign.ro/_gunoaie/duplicate-ids.html

Take a close look into the source (I've provided comments) to understand  
what the "Click me" tests and what it shows. You'll see major browsers  
I've tested behave the same: like with a queue, the last node that sets  
the duplicate ID is also the node that's returned when you use  
getElementById function.

-- 
http://www.robodesign.ro
ROBO Design - We bring you the future

Received on Tuesday, 14 March 2006 12:42:27 UTC