Faulty JavaScript works in WebSEAL environment?

I have a form in an HTML page. The form contains a select element with name="titleBody" and id="searchModeSelector". The select element contains 2 options with values. The form's onsubmit calls a JavaScript function, which contains a line that gets the value of this select element...
var thisValue = f.document.getElementById("titleBody").value;
...where f is the form in the HTML page.

Normally, this line fails because there is no element with an id of "titleBody." (Note that the element's name is "titleBody", but not the id.) So it's trying to get "value" from a null reference.

Now, here's the weird part: When a WebSEAL server is used for authentication, this works perfectly. What's going on?

I habe no idea how this would ever work... the f is completely unnecessary.

Bear Bibeault wrote:I habe no idea how this would ever work... the f is completely unnecessary.

I'm not sure why the original (vendor-supplied) script used f. The page is buried in frames, and they drilled back down from the top to get it...
var f = top.section.content.document.frmAdvSearch;
But what I really don't understand is how getElementById can work if there's nothing with that id. That should fail every time.

It's been this way for over a year, and we just caught it over the weekend when we moved to a new server. Initial testing without WebSEAL revealed the problem. When I found it, I suspected that the wrong files had been transferred, because that code should never work. But these were the correct files, and as soon as WebSEAL was applied, it all worked.

Taking the code at face value, and working under the assumption that the writer of the code knew what he/she was doing, that suggests that "f.document" and "document" aren't the same thing in this context. Which means that "f.document" could be some kind of object which conflates the "id" and "name" attributes of the elements in the form which it's a property of. Which would mean that the code doesn't fail in this context.

As for why authenticating via WebSEAL would cause this context to exist: sorry, I don't know anything about WebSEAL. Could it cause different Javascript to be loaded? Something which gimmicked the Form object, for example?

Ah, yes. In that case the f makes sense even if it's a lousy variable name.