- From: Glenn Maynard <glenn@zewt.org>
- Date: Thu, 10 Oct 2013 09:35:23 -0500
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: whatwg <whatwg@lists.whatwg.org>, Simon Pieters <simonp@opera.com>
On Thu, Oct 10, 2013 at 9:22 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 10/10/13 10:15 AM, Glenn Maynard wrote:
>
>> When I'm doing this I just make sure that the strings don't need
>> escaping in the first place. Many of these look like they do that
>> (probably most "ID" cases are things like random numbers or
>> alphanumerics).
>>
>
> Let's take a look at Simon's examples from actual web pages:
>
> .querySelectorAll("#"+M+" "+m)
> .querySelectorAll('.'+classes[**i])
>
> If M is a random number, it needs escaping. Similar if classes[i] is a
> random number. In particular, ID and class selectors cannot start with a
> digit.
That's why I said "many". There are obviously several cases that do need
escaping.
> FWIW, I rarely use IDs at all: I use classes, even if there will
>> probably only be one of something.
>>
>
> Classes have the same syntax as IDs in CSS (both are identifiers), so it's
> the same issue.
>
My point was that I never use getElementById (and getElementsByClassName
returns an array, so it's wrong too).
--
Glenn Maynard
Received on Thursday, 10 October 2013 14:35:47 UTC