[whatwg] The problem of duplicate ID as a security issue

From: Alexey Feldgendler <alexey@feldgendler.ru>
Date: Thu, 07 Jun 2007 09:32:32 +0200
Message-ID: <op.ttji8i1k1h6og4@pita.feldgendler.ru>

On Thu, 07 Jun 2007 00:42:31 +0200, Ian Hickson <ian at hixie.ch> wrote:

>> IDs in user-supplied content are only useful as fragment identifiers for
>> URLs, and mangling them like that defeats this use case because you
>> don't know N before you post the comment, and therefore can't make
>> internal links within the body (and it's also unobvious when you try to
>> make links to parts of your article afterwards).

> True. I don't have a good solution to this that doesn't involve code on
> the server-side, though.

Some form of sandboxing would be one.


-- 
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com
Received on Thursday, 7 June 2007 00:32:32 UTC