[whatwg] Web Forms 2.0 comments - [ID] repetition index replacement

Ian Hickson ian at hixie.ch
Tue Jun 22 06:10:47 PDT 2004

On Tue, 15 Jun 2004, fantasai wrote:
> Change the replacement punctuation from "[id]" to "-.id.-" or ":-id-:" or
> something like that. This has two advantages:
>    a) The combination of that very unusual punctuation sequence (both
>       opening and closing) /and/ an exact match of the template ID is
>       going to be so rare as to be practically ignorable.

Malicious users could trivially work out the combination that would break
this, so I don't think that's a solution to the problem.

>    b) ID and NAME attributes using the replacement mechanism can still
>       be valid.

That's a good point though. I'm not sure I like "-.id.-" or ":-id-:", or
".id:" or "_id-" or other combinations I've looked at, though.


...hmm, none of those leap out at me.

(I have to be honest, the fact that "order[row]" is not a valid ID is not
a big deal for me... that restriction seems pretty arbitrary.)

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list