[whatwg] The problem of duplicate ID as a security issue

Ric Hardacre ric at hardacre.org
Tue Mar 14 01:13:21 PST 2006

Mihai Sucan wrote:
> Yes... but there's a need for allowing the parent document control 
> sandboxed content. Therefore, it needs a new parameter, for example: 
> getElementById(string id, bool search_in_sandbox). Isn't that changing 
> the getElementById function? Of course this only a way, it could 
> probably be done differently, without changing the function(s).


<div id="id">
<sandbox id="mysandbox" >
	<div id="id">

from outside the sandbox:

e = document.getElementById( "id" );
//e = DIV1

eMSB = document.getElementById( "mysandbox" )
e = eMSB.getElementById( "id" );
//e = DIV2

from within the sandbox:

var e = document.getElementById( "id" );
//e = DIV2

Ric Hardacre

More information about the whatwg mailing list