Am I the only one who doesn't see the point in having this kind of names for IDs/classes ?
Obfuscation maybe? That, off course, doesn't make much sense with tools like Firebug :)
It might be useful for programmers in other languages, so they don't have to either come up with english names, less descriptive names ("id1"), transliterating words, or replacing letters with "similar" ones ("O" or "OE" for "Ø")
Funnily enough, I just registered here, trying to use my first name Øystein, and what did ol' hackernews tell me? "Usernames can only contain letters, digits, dashes and underscores"
When a form containing <input type="text" name="foo" value="bar"> is submitted, $_POST['foo'] === 'bar' in PHP. (And it works similarly for other server-side programming languages.)
I find it aesthetically displeasing, and I'm not convinced that abusing the class attribute to store metadata is "more correct" than just adding your own attributes which.
It can be used for obfuscation, making it a little bit harder to decode a CSS, HTML and JavaScript. Also this can be a good compression method. (Assuming you parse CSS and JavaScript)
I bet it can also be an XSS attack vector. Imagine that there is some piece of jQuery-based code that evaluates selectors based on the ID attribute of a given element (e.g. for this element find all the related ones):
$('.' + div.attr('id')).each(function() {
$('body').append($(this); // Moving elements
});
Now imagine that I give the id attribute the following id: 'nada,<script src="evil.js"></script>'
Good point! To be perfectly safe, `$div.attr('id')` should be escaped before it’s used. I’m not sure in how many browsers this could be a problem though.
FYI, the `.append` line is missing a closing `)`. Also, you probably don’t want to use `$(this)` in that case, you could just use `this`.
Oops! Thanks for pointing out the closing ). Both '$(this)' and 'this' work, and I just use the former most of the time. I suppose you are right though since $(this) would take longer. On the other hand, I wouldn't be surprised if the HTML element was immediately converted to a jQuery object by append() before anything else is done anyways.
As for the escaping, how would we do that? jQuery specifically allows something like $('<div/>'). As far as I know, it does not have an escape character to prevent that. My point is that that character would need to be added to jQuery and other libraries that have the same function for fetching DOM elements and creating them. Obviously, in raw JavaScript this is not a problem since there it's two different methods (document.getElementById and document.createElement).
Isn’t escaping usually done with a backslash (`\`) instead of a forward slash (`/`)? I don’t see how something like `$('<div />');` could interfere with that.