[whatwg] Web Forms 2.0 comments - [ID] repetition index replacement

On Tue, 15 Jun 2004, fantasai wrote:
>
> Change the replacement punctuation from "[id]" to "-.id.-" or ":-id-:" or
> something like that. This has two advantages:
>
>    a) The combination of that very unusual punctuation sequence (both
>       opening and closing) /and/ an exact match of the template ID is
>       going to be so rare as to be practically ignorable.

Malicious users could trivially work out the combination that would break
this, so I don't think that's a solution to the problem.


>    b) ID and NAME attributes using the replacement mechanism can still
>       be valid.

That's a good point though. I'm not sure I like "-.id.-" or ":-id-:", or
".id:" or "_id-" or other combinations I've looked at, though.

   name="order-row_"
   name="order_row-"
   name="order.row:"
   name="order:row."
   name="order-row."

...hmm, none of those leap out at me.

(I have to be honest, the fact that "order[row]" is not a valid ID is not
a big deal for me... that restriction seems pretty arbitrary.)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Tuesday, 22 June 2004 06:10:47 UTC