[whatwg] The problem of duplicate ID as a security issue
Alexey Feldgendler
alexey at feldgendler.ru
Tue Mar 14 04:07:01 PST 2006
On Tue, 14 Mar 2006 15:13:21 +0600, Ric Hardacre <ric at hardacre.org> wrote:
>> Yes... but there's a need for allowing the parent document control
>> sandboxed content. Therefore, it needs a new parameter, for example:
>> getElementById(string id, bool search_in_sandbox). Isn't that changing
>> the getElementById function? Of course this only a way, it could
>> probably be done differently, without changing the function(s).
> perhaps:
>
> <body>
> <div id="id">
> DIV1
> </div>
> <sandbox id="mysandbox" >
> <div id="id">
> DIV2
> </div>
> </sandbox>
> </body>
>
> from outside the sandbox:
>
> e = document.getElementById( "id" );
> //e = DIV1
>
> eMSB = document.getElementById( "mysandbox" )
> e = eMSB.getElementById( "id" );
> //e = DIV2
>
> from within the sandbox:
>
> var e = document.getElementById( "id" );
> //e = DIV2
That's exactly what I meant.
-- Opera M2 9.0 TP2 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station at SW-Soft, Inc. [ICQ: 115226275]
<alexey at feldgendler.ru>
More information about the whatwg
mailing list