Re: L3 Core: adopting into their existing document

Joseph Kesselman wrote:

>
>
>
>  
>
>>Would it be possible to state that WRONG_DOCUMENT_ERR should be
>>thrown on attempt to adopt a node into the same document?
>>    
>>
>
>I'm not convinced that this is a Good Idea. It turns a mostly-harmless
>operation into an error condition, and prevents adoptNode from being used
>as a general safety net prior to insertion of a node obtained from an
>untrusted source.
>
>Making adopting a node into its own document be a no-op would seem to be a
>cleaner fix for Curt's concern about the side-effect... though leaving it
>as it now stands also strikes me as acceptable.
>  
>
I'm not sure if adoptNode() as-is on a node's source document is 
"mostly-harmless".  The preconception behind adopt node is that we are 
willing to cannibalize the source documents in order to build our target 
document.  In all cases expect the same document case, there is no 
mutation to the one document that we care about.

If you were using adoptNode as a "safety net" on an insert operation, a 
malicious caller may exploits adoptNode's behavior to move or remove 
existing nodes by attempting to insert them insignificant places.

Maybe the best solution is to specify that adoptNode in this scenario is 
equivalent to cloneNode.  If you just returned the source node, you 
could get an IN_USE error on an attempt to insert that you could never 
get if adopted from a foreign source.

Received on Wednesday, 7 January 2004 11:40:10 UTC