- From: Curt Arnold <carnold@houston.rr.com>
- Date: Wed, 07 Jan 2004 10:40:08 -0600
- To: www-dom@w3.org
Joseph Kesselman wrote: > > > > > >>Would it be possible to state that WRONG_DOCUMENT_ERR should be >>thrown on attempt to adopt a node into the same document? >> >> > >I'm not convinced that this is a Good Idea. It turns a mostly-harmless >operation into an error condition, and prevents adoptNode from being used >as a general safety net prior to insertion of a node obtained from an >untrusted source. > >Making adopting a node into its own document be a no-op would seem to be a >cleaner fix for Curt's concern about the side-effect... though leaving it >as it now stands also strikes me as acceptable. > > I'm not sure if adoptNode() as-is on a node's source document is "mostly-harmless". The preconception behind adopt node is that we are willing to cannibalize the source documents in order to build our target document. In all cases expect the same document case, there is no mutation to the one document that we care about. If you were using adoptNode as a "safety net" on an insert operation, a malicious caller may exploits adoptNode's behavior to move or remove existing nodes by attempting to insert them insignificant places. Maybe the best solution is to specify that adoptNode in this scenario is equivalent to cloneNode. If you just returned the source node, you could get an IN_USE error on an attempt to insert that you could never get if adopted from a foreign source.
Received on Wednesday, 7 January 2004 11:40:10 UTC