W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2006

[whatwg] The problem of duplicate ID as a security issue

From: Alexey Feldgendler <alexey@feldgendler.ru>
Date: Fri, 17 Mar 2006 11:17:20 +0600
Message-ID: <op.s6jky6wk1h6og4@localhost>
On Thu, 16 Mar 2006 21:55:33 +0600, Hallvord R M Steen  
<hallvors at gmail.com> wrote:

>> Yes, getElementById is already defined to deal with duplicate IDs by
>> returning null, in DOM Level 3 Core [1].

> This should be changed, it will break sites.

I'm not sure that the present behavior of the browsers can be put in the  
spec. Actually, there are many subtle questions regarding this behavior:  
What happens if a node's ID is set to a duplicate value? Will the result  
depend on which node comes before? What if duplicates occur when a node  
with a subtree is attached to the document? What happens when one of the  
nodes with duplicate IDs is removed, so that there is no more duplication?

I'm not sure that the answers to these questions are the same for all  
modern browsers.


-- Opera M2 9.0 TP2 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station at SW-Soft, Inc. [ICQ: 115226275]  
<alexey at feldgendler.ru>
Received on Thursday, 16 March 2006 21:17:20 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:45 UTC