- From: Hallvord R M Steen <hallvors@gmail.com>
- Date: Thu, 16 Mar 2006 16:55:33 +0100
> Yes, getElementById is already defined to deal with duplicate IDs by > returning null, in DOM Level 3 Core [1]. This should be changed, it will break sites. > Yet, the implementations (major User Agents: Opera, Gecko, Konqueror and > IE) are the problem, actually. These do not return null, they return the > last node which set the ID. They return the first element in the source with the given ID. Testing with IE6, FireFox 1.5 and Opera 9. Implementations agree simply because this is necessary to make sites work. > That's a problem with security implications, > as stated by Alexey in the message starting this thread. The cross-browser implementation makes the problem less serious since a site can simply ensure that the content it controls is earlier in the source than the user-supplied contents. -- Hallvord R. M. Steen
Received on Thursday, 16 March 2006 07:55:33 UTC