by ducharmdev 1665 days ago
Woah, no way. Although I could see this being abused, it's amazing that this even works.
3 comments

It has been abused to allow remote code execution in LastPass, a password manager.

https://bugs.chromium.org/p/project-zero/issues/detail?id=12...

You could also crash Internet Explorer 6 simply by including an element with id="tags" on the page. When the user chose to print the page out, the browser would try to access window.tags, find the element instead of what it was expecting to find, and give up.

This was the standard way of DOM touching in the early days, e.g.

  FormName.FieldName.value = "foo";

There are XSS attacks abusing this behaviour, named DOM Clobbering.

https://portswigger.net/research/dom-clobbering-strikes-back
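
An added example (not from the thread or from any project it mentions): a small Node.js audit that flags markup whose id or name attributes collide with globals a page's scripts read from window, the collision the comments above describe. The function names, the sample markup and the list of expected globals are constructed for illustration, and the regex tag scan is a simplification of real HTML parsing.

```javascript
// Added example: names and sample markup are constructed for illustration.
// Per the HTML spec, window exposes every element's id, plus the name
// attribute of these elements, as named properties.
const NAME_TAGS = new Set(["embed", "form", "img", "object", "iframe"]);

// Parse the attribute text of one start tag into a Map (first occurrence wins).
function parseAttributes(attrText) {
  const attrs = new Map();
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    const key = m[1].toLowerCase();
    if (!attrs.has(key)) attrs.set(key, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// Report start tags whose id/name would shadow a global the scripts expect.
function findClobberCandidates(html, expectedGlobals) {
  const wanted = new Set(expectedGlobals);
  const findings = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttributes(m[2]);
    const id = attrs.get("id");
    if (id && wanted.has(id)) findings.push({ tag, attr: "id", value: id });
    const name = attrs.get("name");
    if (name && NAME_TAGS.has(tag) && wanted.has(name)) {
      findings.push({ tag, attr: "name", value: name });
    }
  }
  return findings;
}

// Constructed sample: user-supplied markup as it might survive a sanitizer
// that keeps id and name attributes.
const samplePage = `
<p id="intro">User comment follows.</p>
<a id="tags" href="#">tagged</a>
<img name=config src="x.png" />
<input name="config">
<form name='FormName'><input name="FieldName"></form>
`;

console.log(findClobberCandidates(samplePage, ["tags", "config", "FormName"]));
```

The `<input name="config">` line is not reported because an input's name is exposed on its form, not on window.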