[whatwg] The problem of duplicate ID as a security issue from Mihai Sucan on 2006-03-16 (public-whatwg-archive@w3.org from March 2006)

From: Mihai Sucan <mihai.sucan@gmail.com>
Date: Thu, 16 Mar 2006 21:49:58 +0200
Message-ID: <op.s6iundzomcpsjg@localhost.localdomain>

Le Thu, 16 Mar 2006 17:18:54 +0200, Mihai Sucan <mihai.sucan at gmail.com> a  
?crit:

<...>
> Yet getElementById is defined as [2]:
>
> <blockquote>
> 	Returns the Element that has an ID attribute with the given value. If  
> no such element exists, this returns null.
> 	If more than one element has an ID attribute with that value, what is  
> returned is undefined.
> </blockquote>
>
> Therefore... the appropriate behaviour for  
> getElementById("duplicate-ID") is to return null.
<...>

Mistake reported by Jim Ley on IRC:

What getElementById('duplicate-ID') returns is undefined according to the  
DOM3Core recommandation. This is an error affecting the entire reply.  
Apologies.

IMHO, DOM 2 Core has a better wording in regards to this: "behavior is not  
defined if more than one element has this ID". It's much clearer.

-- 
http://www.robodesign.ro
ROBO Design - We bring you the future

Received on Thursday, 16 March 2006 11:49:58 UTC