[whatwg] The problem of duplicate ID as a security issue

On Thu, 16 Mar 2006 21:55:33 +0600, Hallvord R M Steen  
<hallvors at gmail.com> wrote:

>> Yes, getElementById is already defined to deal with duplicate IDs by
>> returning null, in DOM Level 3 Core [1].

> This should be changed, it will break sites.

I'm not sure that the present behavior of the browsers can be put in the  
spec. Actually, there are many subtle questions regarding this behavior:  
What happens if a node's ID is set to a duplicate value? Will the result  
depend on which node comes before? What if duplicates occur when a node  
with a subtree is attached to the document? What happens when one of the  
nodes with duplicate IDs is removed, so that there is no more duplication?

I'm not sure that the answers to these questions are the same for all  
modern browsers.


-- Opera M2 9.0 TP2 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station at SW-Soft, Inc. [ICQ: 115226275]  
<alexey at feldgendler.ru>

Received on Thursday, 16 March 2006 21:17:20 UTC