Should the “DOM clobbering” note mention the id attribute as well? · whatwg/html#6076

(5 comments) (0 reactions) (0 assignees)HTML (7,654 stars) (2,520 forks)batch import

clarificationgood first issue

Description

Two years ago, the HTML Standard added a note about the issue of accidentally overriding built-in DOM properties with the name attribute on inputs.

Commit: https://github.com/whatwg/html/commit/d661e874760bb1a4fc0634e6f01e5c02b8c8c1fe Spec section: https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#attributes-common-to-form-controls

I have recently noticed that this issue exists with the id attribute as well. The following example is the same example as in the spec, except that I replaced input.name with input.id:

let form = document.createElement("form");
let input = document.createElement("input");
form.appendChild(input);

console.log(form.method);           // => "get"
input.id = "method"; // DOM clobbering occurs here
console.log(form.method === input); // => true

Demo: https://jsbin.com/zehajuh/edit?js,console

This issue happens in all three major browser engines (Chrome, Safari, Firefox).

Should the spec note be updated to say “Avoid using the names of built-in form properties with the name and id content attributes”?

Contributor guide

Tech stack: None
Domain: documentation
Issue type: documentation
Difficulty: 2
Estimated time: under 1 hour
Activity status: stale
Clarity: clear
Prerequisites: DOM clobberingHTML spec editing
Newbie friendliness: 75
Research direction: Review the existing spec note at the linked section (https://html.spec.whatwg.org/multipage/form control infrastructure.html#attributes common to form controls) and the commit that added the initial note (https://github.com/whatwg/html/commit/d661e874760bb1a4fc0634e6f01e5c02b8c8c1fe). Verify that the id attribute causes the same clobbering across browsers using the provided demo. Then propose updated wording that includes the id attribute alongside the name attribute.