[whatwg] The problem of duplicate ID as a security issue

Alexey Feldgendler alexey at feldgendler.ru
Tue Mar 14 04:07:01 PST 2006


On Tue, 14 Mar 2006 15:13:21 +0600, Ric Hardacre <ric at hardacre.org> wrote:

>> Yes... but there's a need for allowing the parent document control  
>> sandboxed content. Therefore, it needs a new parameter, for example:  
>> getElementById(string id, bool search_in_sandbox). Isn't that changing  
>> the getElementById function? Of course this only a way, it could  
>> probably be done differently, without changing the function(s).

> perhaps:
>
> <body>
> <div id="id">
> 	DIV1
> </div>
> <sandbox id="mysandbox" >
> 	<div id="id">
> 		DIV2
> 	</div>
> </sandbox>
> </body>
>
> from outside the sandbox:
>
> e = document.getElementById( "id" );
> //e = DIV1
>
> eMSB = document.getElementById( "mysandbox" )
> e = eMSB.getElementById( "id" );
> //e = DIV2
>
> from within the sandbox:
>
> var e = document.getElementById( "id" );
> //e = DIV2

That's exactly what I meant.


-- Opera M2 9.0 TP2 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station at SW-Soft, Inc. [ICQ: 115226275]  
<alexey at feldgendler.ru>



More information about the whatwg mailing list