Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should the “DOM clobbering” note mention the id attribute as well? #6076

Open
simevidas opened this issue Oct 16, 2020 · 5 comments
Open

Should the “DOM clobbering” note mention the id attribute as well? #6076

simevidas opened this issue Oct 16, 2020 · 5 comments
Labels
clarification Standard could be clearer good first issue Ideal for someone new to a WHATWG standard or software project

Comments

@simevidas
Copy link

Two years ago, the HTML Standard added a note about the issue of accidentally overriding built-in DOM properties with the name attribute on inputs.

Commit: d661e87
Spec section: https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#attributes-common-to-form-controls

I have recently noticed that this issue exists with the id attribute as well. The following example is the same example as in the spec, except that I replaced input.name with input.id:

let form = document.createElement("form");
let input = document.createElement("input");
form.appendChild(input);

console.log(form.method);           // => "get"
input.id = "method"; // DOM clobbering occurs here
console.log(form.method === input); // => true

Demo: https://jsbin.com/zehajuh/edit?js,console

This issue happens in all three major browser engines (Chrome, Safari, Firefox).

Should the spec note be updated to say “Avoid using the names of built-in form properties with the name and id content attributes”?
@TimothyGu
Copy link
Member

TimothyGu commented Oct 17, 2020
edited
Loading

@simevidas Good catch! Do you want to make a pull request to address this?

@annevk annevk added good first issue Ideal for someone new to a WHATWG standard or software project clarification Standard could be clearer labels Oct 24, 2022
@mohit-marathe
Copy link

@annevk I have made a PR here
#8474 (comment)

@Mikiale10

This comment was marked as spam.

Sign in to view
@Sage-2001

This comment was marked as spam.

Sign in to view
@AtharvShinde2004
Copy link

AtharvShinde2004 commented Feb 14, 2024
edited
Loading

Issue Summary:
I have observed an issue where unintentional overrides of built-in DOM properties occur when using the 'id' attribute on form elements, similar to the issue noted with the 'name' attribute [reference to the original issue]. This behavior is consistent across major browsers (Chrome, Safari, Firefox).

Proposed Solution:

  1. Developers should avoid using names that conflict with built-in DOM properties when assigning values to the 'id' attribute of form elements.
  2. I recommend updating the HTML specification note to explicitly mention both the 'name' and 'id' attributes when advising against using names of built-in form properties. This will help prevent unintentional overrides and improve clarity for developers.

Updated Note in HTML Specification:
Note: Developers should avoid using names of built-in form properties with the 'name' and 'id' content attributes to prevent unintentional overrides of these properties.

Additional Actions:
Encourage educational resources to highlight this best practice and raise awareness among developers about the potential issues associated with using reserved names.

Looking forward to feedback and discussion on this proposal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
clarification Standard could be clearer good first issue Ideal for someone new to a WHATWG standard or software project
Milestone
No milestone
Development

No branches or pull requests
7 participants
@simevidas @TimothyGu @annevk @Sage-2001 @mohit-marathe @AtharvShinde2004 @Mikiale10