惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
雷峰网
雷峰网
Recent Announcements
Recent Announcements
月光博客
月光博客
G
Google Developers Blog
腾讯CDC
S
Secure Thoughts
大猫的无限游戏
大猫的无限游戏
T
Tenable Blog
云风的 BLOG
云风的 BLOG
W
WeLiveSecurity
博客园 - 【当耐特】
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
博客园 - 聂微东
The Cloudflare Blog
阮一峰的网络日志
阮一峰的网络日志
人人都是产品经理
人人都是产品经理
P
Privacy International News Feed
MyScale Blog
MyScale Blog
K
Kaspersky official blog
T
The Blog of Author Tim Ferriss
Attack and Defense Labs
Attack and Defense Labs
Spread Privacy
Spread Privacy
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
aimingoo的专栏
aimingoo的专栏
I
Intezer
Vercel News
Vercel News
小众软件
小众软件
Simon Willison's Weblog
Simon Willison's Weblog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
N
Netflix TechBlog - Medium
P
Proofpoint News Feed
Latest news
Latest news
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Tor Project blog
S
Security Affairs
P
Proofpoint News Feed
博客园 - 三生石上(FineUI控件)
博客园 - Franky
C
Cyber Attacks, Cyber Crime and Cyber Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
美团技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
Security @ Cisco Blogs
L
LINUX DO - 热门话题
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
D
Docker
L
Lohrmann on Cybersecurity
F
Full Disclosure

Mathias Bynens

A horrifying globalThis polyfill in universal JavaScript JavaScript engine fundamentals: optimizing prototypes JavaScript engine fundamentals: Shapes and Inline Caches Asynchronous stack traces: why await beats Promise#then() ECMAScript regular expressions are getting better! Unicode property escapes in JavaScript regular expressions ES2015 const is not about immutability Valid JavaScript variable names in ES2015 Unicode-aware regular expressions in ES2015 Dear Google, please fix plain text emails in Gmail PBKDF2+HMAC hash collisions explained JavaScript has a Unicode problem Processing Content Security Policy violation reports Hiding JSON-formatted data in the DOM with CSP enabled Loading JSON-formatted data with Ajax and xhr.responseType='json' Reserved keywords in JavaScript How to support full Unicode in MySQL databases How to speedrun Dropbox’s Dropquest 2012 Unquoted font family names in CSS Unquoted property names / object keys in JavaScript Valid JavaScript variable names in ES5 CSS character escape sequences JavaScript’s internal character encoding: UCS-2 or UTF-16? The smallest possible valid (X)HTML documents JavaScript character escape sequences JavaScript foo.prototype.bar notation Ambiguous ampersands HTML element + attribute notation How I detect and use localStorage: a simple JavaScript pattern Unquoted attribute values in HTML and CSS/JS selectors The end-tag open (ETAGO) delimiter Using the oninput event handler with onkeyup/onkeydown as its fallback Everything you always wanted to know about touch icons In defense of CSS hacks — introducing “safe CSS hacks” AirPlay video support in iOS Safari — a bookmarklet Completing Dropbox’s Dropquest 2011 in 60 seconds How to create simple Mac apps from shell scripts Using setTimeout to speed up window.onload Bulletproof JavaScript benchmarks Thoughts on Safari Reader’s generated HTML How to enable Safari Reader on your site? The XML serialization of HTML5, aka ‘XHTML5’ The id attribute got more classy in HTML5 The three levels of HTML5 usage The HTML5 document.head DOM tree accessor Bulletproof HTML5 <details> fallback using jQuery Displaying hidden elements like <head> using CSS Inline <script> and <style> vs. external .js and .css — what’s the size threshold? Using Showdown/PageDown with and without jQuery
Using CSS without HTML
Mathias · 2010-12-14 · via Mathias Bynens

Note: The following article was originally published on CSS-Tricks as a guest post.

A few days ago, Chris tweeted:

If we could stack pseudo elements (e.g. :after:after) we could build a whole website with no HTML other than <html>. Probably good we can’t.

(Technically, we can, although no browser has implemented this yet. This feature been removed from the draft version of the spec.)

In response to this, I created this quick demo (view in Firefox or Opera ≤ 12), illustrating that technically you don’t need any HTML at all to use CSS.

When viewing the HTML source of the demo page, all you get is an empty document.

Since this demo apparently caused some confusion, I decided to write an article about it.

Basically, all this magical demo does is combine two nifty little tricks most people don’t seem to know about.

Some HTML elements are implied

The opening and closing <html>, <head> and <body> tags aren’t required in HTML. The following document is perfectly valid and conforming:

<!DOCTYPE html>
<title>Example</title>

For brevity, this code sample uses the HTML5 DOCTYPE, but don’t let that confuse you — if you’d switch to the HTML 4.01 DOCTYPE and append just a starting <p> tag, for example, the document would still validate.

(Obviously, XHTML has a much stricter syntax, which doesn’t allow omitting optional start and/or end tags. But anno 2010, who’s still using XHTML anyway?)

When a browser renders our example document, it notices the <html>, <head> and <body> elements are missing from the source, and — wait for it — automatically generates them. You can confirm this by opening the demo page and inspecting the generated source using Firebug, the Web Inspector, or Opera Dragonfly.

Because these elements are implied, they can also be styled through CSS, regardless of whether they occur in the source code or not. Consider the following example:

<!DOCTYPE html>
<title>Example</title>
<style>
	html {
		background: red;
	}
	body {
		background: blue;
		margin: 0 auto;
		width: 30em;
	}
</style>

Even though there’s no mention of the <html> and <body> elements in the HTML source, we can still style them because browsers generate them automatically.

You can verify this yourself by inspecting the document using your favorite browser’s developer tools.

Basically, this is the first trick I used; I just took it one step further. I didn’t bother to specify a DOCTYPE, let alone a <title>, and simply used no HTML at all. Never, ever do this for a real website.

Because of the missing DOCTYPE, the document will be rendered in quirks mode instead of standards mode. It goes without saying that the document won’t validate either.

Even with a completely empty HTML document, browsers will still auto-generate the implied HTML elements.

(Interesting sidenote: it’s also possible to style hidden elements such as <head>, <title>, <meta>, <script>, etc.)

RFC 5988 defines the Link HTTP header, which allows you to send <link> elements through HTTP headers instead of including them in the HTML. To give you an example, you can serve a document with the following HTTP header:

Link: <some-document.html>;rel=prefetch

…which would have the same effect as placing this in your HTML:

<link href="some-document.html" rel="prefetch">

Similarly, RFC 5988 makes it possible to include stylesheets in an HTML document using nothing but an HTTP header:

Link: <magic.css>;rel=stylesheet

Which is equivalent to…

<link href="magic.css" rel="stylesheet">

Well, that’s the theory. In practice, not a lot of browsers implement the Link header. At the time of writing, only Opera and Firefox support this little gem.

If you’re interested to see how browser support for this feature will improve over time, you can subscribe to the bug reports for WebKit (Chromium has separate bug tickets for the CSS and the general variant) and Internet Explorer.

By your powers combined…

Getting back to our fun little HTML-free demo (view in Firefox or Opera ≤ 12), basically what I did was combine the above two “tricks”. Here’s the CSS:

html { background: #666; padding: 1em; }
body { border: 5px dashed #eee; color: #fff; font: 3em/1.5 sans-serif; padding: 1em; width: 30em; margin: 0 auto; }
body::after { content: 'O HAI! Have a look at my source code :)'; /* This needs to be on the ::after (and not just on `body`) for it to work in Firefox 3.6.x. */ }

The empty HTML document is actually a PHP file that sets the Link header. (Of course, there are other ways to do this, too.)

<?php header('Link: <demo.css>;rel=stylesheet'); ?>

Disclaimer

As mentioned, these techniques are fun tricks, and it’s definitely good to know they exist. However, it wouldn’t be a good idea to use these in practice. The no-HTML ‘hack’ is all kinds of evil, and no web developer would seriously consider using this for a real site.
The Link HTTP header is a lot more interesting. The only reason this can’t really be used yet, is lack of browser support. Maybe one day…

Kudos to Anne van Kesteren for teaching me about the Link header back in 2005 :)