[whatwg] Web Forms 2.0 comments - [ID] repetition index replacement
ian at hixie.ch
Tue Jun 22 06:10:47 PDT 2004
On Tue, 15 Jun 2004, fantasai wrote:
> Change the replacement punctuation from "[id]" to "-.id.-" or ":-id-:" or
> something like that. This has two advantages:
> a) The combination of that very unusual punctuation sequence (both
> opening and closing) /and/ an exact match of the template ID is
> going to be so rare as to be practically ignorable.

Malicious users could trivially work out the combination that would break
this, so I don't think that's a solution to the problem.

> b) ID and NAME attributes using the replacement mechanism can still
> be valid.

That's a good point though. I'm not sure I like "-.id.-" or ":-id-:", or
".id:" or "_id-" or other combinations I've looked at, though.

...hmm, none of those leap out at me.

(I have to be honest, the fact that "order[row]" is not a valid ID is not
a big deal for me... that restriction seems pretty arbitrary.)

Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'