On Wed, 15 Mar 2006 02:42:27 +0600, Mihai Sucan <[EMAIL PROTECTED]>
wrote:
I've made a short "investigation" regarding how browsers behave with
document.getElementById('a-duplicate-ID').
The page:
http://www.robodesign.ro/_gunoaie/duplicate-ids.html
Take a close look into the source (I've provided comments) to understand
what the "Click me" tests and what it shows. You'll see major browsers
I've tested behave the same: like with a queue, the last node that sets
the duplicate ID is also the node that's returned when you use
getElementById function.
Unfortunately we can't change it in a backwards-compatible way (though we
probably can define a stricter behavior for <!DOCTYPE html> only).
Seems like sandboxes as security barriers are the only solution to the
duplicate ID problem as a security thread -- at least the only one I can
think of.
-- Opera M2 9.0 TP2 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station at SW-Soft, Inc. [ICQ: 115226275]
<[EMAIL PROTECTED]>
