-
Notifications
You must be signed in to change notification settings - Fork 0
/
extra_props_document.html
86 lines (77 loc) · 3.49 KB
/
extra_props_document.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<title>Unsafe Names for HTML Form Controls - Extra Properties: Document</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<meta name="author" content="Garrett Smith">
<link rel="Start" href="./">
<link rel="stylesheet" href="../faq.css" type="text/css" media="all" charset="iso-8859-1">
<link rel="stylesheet" href="names.css" type="text/css" media="all" charset="iso-8859-1">
</head>
<body>
<h1>Unsafe Names for HTML Form Controls</h1>
<h2>Extra Properties: <code>document</code></h2>
<h3>Non-Standard Named Properties</h3>
<p>
A browser may add a property to the <code>document</code> for each named
(or <code>id</code>'d) FORM element, IMG, or possibly any other element.
Alternatively, the same
browser may implement a specialized <code>[[Get]]</code> method to find the property.
</p>
<form action="" id="testFormID" name="testFormName">
<pre>
<form action="" id="testFormID" name="testFormName">
</form>
</pre>
<button class="evaluator" onclick="this.nextSibling.firstChild.data = eval(this.firstChild.data);return false"
>'testFormID' in document</button
><span> </span>
<button class="evaluator" onclick="this.nextSibling.firstChild.data = eval(this.firstChild.data);return false"
>'testFormName' in document</button
><span> </span>
<img name="testImgNAME" src="" alt="404" style="z-index: -1;position:relative;">
<pre>
<img name="testImgNAME" src="">
</pre>
<button class="evaluator" onclick="this.nextSibling.firstChild.data = eval(this.firstChild.data);return false"
>'testImgNAME' in document</button
><span> </span>
<a name='testLinkNAME' style="z-index: -1;position:relative;">link</a>
<pre>
<a name='testLinkNAME'>link</a>
</pre>
<button class="evaluator" onclick="this.nextSibling.firstChild.data = eval(this.firstChild.data);return false"
>'testLinkNAME' in document</button
><span> </span>
</form>
<h3>Non Standard</h3>
<p>
Accessing objects from the <code>document</code> collection is not standard and unsafe.
</p>
<p>
The extra properties added to <code>document</code>
can cause problems with Event Handler Content Attributes as we will see later on.
</p>
<div id="toc">
<h4>Table of Contents</h4>
<ul class="pagination linkList">
<li><a href="./index.html">Introduction</a></li>
<li><a href="extra_props.html">Extra Properties: <code>FORM</code> Elements</a></li>
<li>Extra Properties: <code>document</code></li>
<li><a href="extra_props_global.html">Extra Properties: <code>global</code></a></li>
<li><a href="event_handler.html">Event Handler Scope</a></li>
<li><a href="api_design.html">API Design?</a></li>
<li><a href="unsafe_names.html">Unsafe Names</a></li>
<li><a href="conclusion.html">Conclusion</a></li>
</ul>
</div>
<ul id="nextLink" class="linkList">
<li>
<span class="prev">Previous:</span> <a href="extra_props.html">Extra Properties: <code>FORM</code> Elements</a>
</li>
<li>
<span class="next">Next:</span> <a href="extra_props_global.html">Extra Properties: <code>global</code></a>
</li>
</ul>
</body>
</html>