[whatwg] The problem of duplicate ID as a security issue

Mihai Sucan mihai.sucan at gmail.com
Thu Mar 16 11:49:58 PST 2006


Le Thu, 16 Mar 2006 17:18:54 +0200, Mihai Sucan <mihai.sucan at gmail.com> a  
écrit:

<...>
> Yet getElementById is defined as [2]:
>
> <blockquote>
> 	Returns the Element that has an ID attribute with the given value. If  
> no such element exists, this returns null.
> 	If more than one element has an ID attribute with that value, what is  
> returned is undefined.
> </blockquote>
>
> Therefore... the appropriate behaviour for  
> getElementById("duplicate-ID") is to return null.
<...>

Mistake reported by Jim Ley on IRC:

What getElementById('duplicate-ID') returns is undefined according to the  
DOM3Core recommandation. This is an error affecting the entire reply.  
Apologies.

IMHO, DOM 2 Core has a better wording in regards to this: "behavior is not  
defined if more than one element has this ID". It's much clearer.

-- 
http://www.robodesign.ro
ROBO Design - We bring you the future



More information about the whatwg mailing list