Re: [whatwg] Proposal: Adding methods like getElementById and getElementsByTagName to DocumentFragments from Boris Zbarsky on 2013-10-10 (public-whatwg-archive@w3.org from October 2013)

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 10 Oct 2013 10:22:09 -0400
To: Glenn Maynard <glenn@zewt.org>
Cc: whatwg <whatwg@lists.whatwg.org>, Simon Pieters <simonp@opera.com>
Message-ID: <5256B811.1090808@mit.edu>

On 10/10/13 10:15 AM, Glenn Maynard wrote:
> When I'm doing this I just make sure that the strings don't need
> escaping in the first place.  Many of these look like they do that
> (probably most "ID" cases are things like random numbers or alphanumerics).

Let's take a look at Simon's examples from actual web pages:

   .querySelectorAll("#"+M+" "+m)
   .querySelectorAll('.'+classes[i])

If M is a random number, it needs escaping.  Similar if classes[i] is a 
random number.  In particular, ID and class selectors cannot start with 
a digit.

> FWIW, I rarely use IDs at all: I use classes, even if there will
> probably only be one of something.

Classes have the same syntax as IDs in CSS (both are identifiers), so 
it's the same issue.

-Boris

Received on Thursday, 10 October 2013 14:22:39 UTC