[whatwg] The problem of duplicate ID as a security issue
Ric Hardacre
ric at hardacre.org
Tue Mar 14 01:13:21 PST 2006
Mihai Sucan wrote:
> Yes... but there's a need for allowing the parent document control
> sandboxed content. Therefore, it needs a new parameter, for example:
> getElementById(string id, bool search_in_sandbox). Isn't that changing
> the getElementById function? Of course this only a way, it could
> probably be done differently, without changing the function(s).
perhaps:
<body>
<div id="id">
DIV1
</div>
<sandbox id="mysandbox" >
<div id="id">
DIV2
</div>
</sandbox>
</body>
from outside the sandbox:
e = document.getElementById( "id" );
//e = DIV1
eMSB = document.getElementById( "mysandbox" )
e = eMSB.getElementById( "id" );
//e = DIV2
from within the sandbox:
var e = document.getElementById( "id" );
//e = DIV2
Ric Hardacre
www.cyclomedia.co.uk
More information about the whatwg
mailing list