Bug 81972

Summary: Consider making the global scope pollution by names/ids quirks-only
Product: WebKit Reporter: Jonas Sicking <jonas>
Component: WebCore JavaScriptAssignee: Nobody <webkit-unassigned>
Status: UNCONFIRMED ---    
Severity: Normal CC: annevk, ap, darin, fishd, ian, mjs
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

Description Jonas Sicking 2012-03-22 14:51:35 PDT 
Hi All,

All browsers currently do things which cause window.foo to return <a name=foo>. While this is convenient, it means that using global variables is pretty error-prone since modifications to the DOM can make global variables appear and disappear. Basically it means that global variables share namespace with various elements in the DOM.

In Gecko this behavior is limited to quirks mode only. That way we at least reduce the risk of bugs for pages in standards mode.

There was a bug filed against the HTML5 spec to limit this to quirks only, however the request was denied, in large part because webkit doesn't limit behavior to quirks mode.

https://www.w3.org/Bugs/Public/show_bug.cgi?id=11960

In Gecko we've had very few problems with limiting this to quirks mode, though Microsoft claims that they would see more breakage if they made this change and so they have so far resisted (see bug above).

However recently microsoft wrote a demo which relied on the global scope polluter in standards mode, and since we so far have seen very little support from other browser vendors for the Gecko solution, we are now considering changing gecko. However if we can get support from safari and chrome to remove the global scope polluter in standards mode, we would be able to stick to our current solution and hopefully we can persuade Hixie to change the spec.

Anne recently filed a bug on Opera so hopefully we can see a change there too.
Comment 1 Ojan Vafai 2012-03-22 16:15:33 PDT 
Maciej, Darin, would you be OK with trying this out?

I'm OK with experimenting with limiting this to quirksmode. I can easily believe that limiting this behavior would fix more content than it would break. No meaningful way to get concrete evidence one way or another though without just pushing the change to real users.

I know Google apps have had a number of production releases that needed to be rolled back due to this behavior. For example, the Closure JavaScript compiler and CSS compiler would create shortened names that conflicted. These sorts of bugs are very hard to diagnose and very difficult to avoid.
Comment 2 Alexey Proskuryakov 2012-03-23 12:19:06 PDT 
Seems extremely unlikely that this could be done without making many users unhappy.
Comment 3 Jonas Sicking 2012-03-23 12:24:02 PDT 
In what sense? Because you think this is a feature that they'd like, or because this would break existing content?

Ojan has much more experience on the first point, but my perception is that the global scope polluter is nice when you're just prototyping stuff, but makes applications very bug-prone when you start getting bigger applications.

As for breaking existing content. Like I said, Gecko has not had a global-scope-polluter in any released version and so far we've only had two bugs filed against us because of it.

IE claims that they know of content that depend on it, but it sounded like it was in IE-specific code paths. I'm also not sure if they actually know of content of content, or if they are just concerned that things *might* break.