[whatwg] The problem of duplicate ID as a security issue
lachlan.hunt at lachy.id.au
Thu Mar 16 06:17:25 PST 2006
Alexey Feldgendler wrote:
>> I think enforcing ID uniqueness in standards mode would be good, but
>> that would still probably break (very?) few pages. Those web authors
>> should have to "live with it", because they want standards-compliant
> I'm not speaking about enforcing ID uniqueness at the time of parsing
> the page, but only at the time of calling getElementById(). I believe it
> will break very few pages, if any.
Actually, I'm sure it would unnecessarily break many sites.
> Usually in such applications the scripts don't call getElementById() for
> those ID values which occur more than once. If they occasionally do,
> it's really a programming bug. I don't believe that there are
> applications that really rely on the particular behavior in this case,
> though I admit that there are possibly some that have this bug unnoticed
> and still work. I think that this case should trigger an exception in
> standards mode because, for this bug, there is no obvious fix to apply,
I don't. getElementById is already defined and implemented to deal with
duplicate IDs, there's no need to redefine it in a way that isn't
backwards compatible with existing sites.
More information about the whatwg