- From: Kornel Lesiński <kornel@geekhood.net>
- Date: Sun, 08 Sep 2013 19:11:28 +0100
- To: "Simon Pieters" <simonp@opera.com>
- Cc: whatwg <whatwg@whatwg.org>
On Fri, 06 Sep 2013 13:20:01 +0100, Simon Pieters <simonp@opera.com> wrote:
>> Such a function already exists in the wild btw:
>> http://mothereff.in/css-escapes
>
> So the use case is getting an element by id with an "untrusted" id as
> input, in an element or document fragment as opposed to the document?
I wouldn't call it "untrusted". It's needed to correctly find arbitrary ID.
It's not too eccentric to have non-alphanumeric IDs. For example you need
to use `[]` in form element name to receive multiple values in PHP, and it
makes sense for form-generating libraries to use same name and ID.
I don't understand "deprecation" of getElementById().
querySelector('#'+CSS.escapeIdent(id)) is significantly worse: less
readable, slower (generates garbage strings) and error-prone (unescaped
incorrect use is much easier than the correct use).
It's like deprecating indexOf(), because properly-escaped regular
expressions can do the same.
getElementById() is a very well-known API. It's pretty convenient. It
cannot be removed from the platform, so every browser already has to
implement it and cost of exposing it on document fragments should be
minimal.
Maybe it's not "cool", but keeping it away from document fragments buys
nothing, and just makes the platform less consistent.
--
regards, Kornel
Received on Sunday, 8 September 2013 18:12:04 UTC