[whatwg] The problem of duplicate ID as a security issue

Ric Hardacre ric at hardacre.org
Tue Mar 14 01:13:21 PST 2006



Mihai Sucan wrote:
> Yes... but there's a need for allowing the parent document to control 
> sandboxed content. Therefore, it needs a new parameter, for example: 
> getElementById(string id, bool search_in_sandbox). Isn't that changing 
> the getElementById function? Of course this is only one way, it could 
> probably be done differently, without changing the function(s).

perhaps:

<body>
<div id="id">
	DIV1
</div>
<sandbox id="mysandbox" >
	<div id="id">
		DIV2
	</div>
</sandbox>
</body>


from outside the sandbox:

e = document.getElementById( "id" );
//e = DIV1

eMSB = document.getElementById( "mysandbox" );
e = eMSB.getElementById( "id" );
//e = DIV2


from within the sandbox:

var e = document.getElementById( "id" );
//e = DIV2



Ric Hardacre
www.cyclomedia.co.uk
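
The lookup rules sketched in the message above, modelled as an added example (not part of the original post, and not any browser's API). It assumes a plain-object tree in place of the DOM; `node`, `scopedGetElementById`, the `"early"` sandbox and its `DIV0` are hypothetical names constructed for the illustration.

```javascript
// Added illustration: a plain-object tree stands in for the DOM (constructed sample).
// node(), scopedGetElementById() and the "sandbox" tag are hypothetical names.
function node(tag, id, text, children = []) {
  return { tag, id, text, children };
}

// Search for `id` below `scope` in document order, never descending into a
// nested sandbox: each sandbox is treated as its own ID namespace.
function scopedGetElementById(scope, id) {
  const stack = [...scope.children].reverse();
  while (stack.length > 0) {
    const n = stack.pop();
    if (n.id === id) return n;          // a sandbox's own id belongs to the enclosing scope
    if (n.tag === "sandbox") continue;  // boundary: contents are not visible from outside
    for (let i = n.children.length - 1; i >= 0; i--) stack.push(n.children[i]);
  }
  return null;
}

// Same structure as the markup in the message, plus a sandboxed block placed
// before DIV1 to show that document order cannot be used to shadow the
// parent document's element with a duplicate ID.
const doc = node("body", null, "", [
  node("sandbox", "early", "", [node("div", "id", "DIV0")]),
  node("div", "id", "DIV1"),
  node("sandbox", "mysandbox", "", [node("div", "id", "DIV2")]),
]);

function demo() {
  const outer = scopedGetElementById(doc, "id");    // lookup from outside any sandbox
  const sb = scopedGetElementById(doc, "mysandbox");
  const inner = scopedGetElementById(sb, "id");     // lookup scoped to the sandbox
  return { outer: outer.text, inner: inner.text };
}

console.log(demo());
```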



