W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2006

[whatwg] The problem of duplicate ID as a security issue

From: Ric Hardacre <ric@hardacre.org>
Date: Tue, 14 Mar 2006 09:13:21 +0000
Message-ID: <44168931.7040702@hardacre.org>


Mihai Sucan wrote:
> Yes... but there's a need for allowing the parent document control 
> sandboxed content. Therefore, it needs a new parameter, for example: 
> getElementById(string id, bool search_in_sandbox). Isn't that changing 
> the getElementById function? Of course this only a way, it could 
> probably be done differently, without changing the function(s).

perhaps:

<body>
<div id="id">
	DIV1
</div>
<sandbox id="mysandbox" >
	<div id="id">
		DIV2
	</div>
</sandbox>
</body>


from outside the sandbox:

e = document.getElementById( "id" );
//e = DIV1

eMSB = document.getElementById( "mysandbox" )
e = eMSB.getElementById( "id" );
//e = DIV2


from within the sandbox:

var e = document.getElementById( "id" );
//e = DIV2



Ric Hardacre
www.cyclomedia.co.uk
Received on Tuesday, 14 March 2006 01:13:21 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:45 UTC