diff --git a/source b/source index 5361f494458..a952b8e0361 100644 --- a/source +++ b/source @@ -59478,7 +59478,8 @@ interface HTMLSelectedContentElement : HTMLElement

DOM clobbering is a common cause of security issues. Avoid using the names of - built-in form properties with the name content attribute.

+ built-in form properties with the name and id content attributes.

In this example, the input element overrides the built-in method property:

@@ -59491,9 +59492,23 @@ form.method; // => "get" input.name = "method"; // DOM clobbering occurs here form.method === input; // => true -

Since the input name takes precedence over built-in form properties, the JavaScript reference - form.method will point to the input element named "method" - instead of the built-in method property.

+

The same issue occurs with the id attribute and the enctype property:

+ +
let form = document.createElement("form");
+let input = document.createElement("input");
+form.appendChild(input);
+
+form.enctype;           // => "application/x-www-form-urlencoded"
+input.id = "enctype";   // DOM clobbering occurs here as well
+form.enctype === input; // => true
+ +

Since the input name and id + take precedence over built-in form properties, the JavaScript references form.method and form.enctype will point to the + corresponding input elements instead of the built-in method and enctype + properties.
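Review bot: The added enctype example starts with `let form = document.createElement("form"); let input = document.createElement("input");`, but the method example above already declares `form` and `input` (it continues with `form.method; // => "get"` and `input.name = "method"`), so pasting both snippets into one script or console session throws a redeclaration error on the second `let`. Either continue from the existing variables (the single line `input.id = "enctype"; // DOM clobbering occurs here as well` followed by `form.enctype === input; // => true` is enough to make the point) or state that the second snippet is a fresh, standalone example. The closing paragraph now covers both method and enctype correctly; consider also saying in one clause that the form's named getter matches a control's id as well as its name, since that is the reason `input.id` clobbers `form.enctype` and the text otherwise only asserts it.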