24Eki
Dom Clobbering methods on the document object
I'm struggling to understand how this flavor of dom clobbering actually works.
The green box at the top of this section of the HTML spec makes it pretty clear why I can access HTML elements as global variables on the window object. What I don't understand is why, in chrome, setting a tag's name attribute will overwrite javascript methods. For example,
<img name=getElementById>
I get
document.getElementById()
VM5014:1 Uncaught TypeError: document.getElementById is not a function
Can someone help me understand how the name attribute of an img tag overwrites methods on the document object?
Thanks!
