Should “Naming form controls” section include a warning about names overriding form properties?

[simevidas]

Example:

  <form>
    <input name="tagName">
    <input name="nodeType">
    <input name="parentElement">
    <input name="children">
    <input name="onsubmit">
    <input name="clientWidth">
    <input name="noValidate">
    <input name="method">
    <input name="action">
  </form>

This will effectively break all the corresponding form properties, e.g. form.tagName will refer to the input, instead of returning "FORM". This can cause bugs, so I’m wondering if the spec should actively warn against this.

Maybe it would make sense to add a warning to the “Naming form controls” section, to make sure that authors don’t create form controls with names that would collide with built-in form properties.

[domenic]

This makes sense to me. Would you be interested in submitting a pull request?

[mathiasbynens]

While we’re adding warnings, let’s explicitly point out that DOM clobbering is a common cause of security issues (not just harmless bugs).

[donovanglover]

Just tested this and agree that the behavior can be problematic. I'm not sure how the HTML spec relates to Element.name being used as a JavaScript identifier, but there should be at least one remark addressing this behavior nonetheless.

Should these additions be done with <p class="note"> or something else instead?

[annevk]

@gloverdonovan the behavior follows from the OverrideBuiltins declaration on HTMLFormElement coupled with that interface defining a getter.

A note is probably sufficient for this. I don't think it needs to be class="warning". However, given that you probably want to explain it, you might want to use <div> with multiple paragraphs in it and an example.