[whatwg] The problem of duplicate ID as a security issue

Alexey Feldgendler alexey at feldgendler.ru
Fri Jun 8 00:39:17 PDT 2007


On Fri, 08 Jun 2007 08:13:07 +0200, Ian Hickson <ian at hixie.ch> wrote:

>>> True. I don't have a good solution to this that doesn't involve code  
>>> on the server-side, though.

>> Some form of sandboxing would be one.

> If sandboxing would solve it then I'll treat this issue as closed and  
> deal with the sandboxing problems separately.

Only some form of sandboxing would solve this, not any form. To solve this  
issue, the sandboxing solution has to meet additional an requirement:  
addressability of content in sandboxes, possibly using a qualified form  
(e.g. URL#sandboxID+innerID).


-- 
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com



More information about the whatwg mailing list