Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yet all my pages were being served with the following <script> injected into them just before the closing </html> tag...

The free hosts I used many years ago would do something similar, with no way to opt out --- that is, until I figured out they were just detecting the '</html>' and inserting before it.

Combine that knowledge with the fact that the closing tag of the HTML element is optional, and you can guess what I did pretty easily. ;-)



I remember those times. They were beautiful. I could spent hours trying to search for the best free webhosting that includes PHP, MySQL and Phpmyadmin, and didnt fill my website with popups or banners at the top/bottom of the webpage.


The good ol days :)


If you want valid HTML, and if they aren't parsing the DOM, then the following would likely work as well:

<!--

</html>

-->


It’s valid to omit </html> (<html> too, for that matter).


The idea is to have the mangler see </html> and inject their garbage right above it--into a comment.

Unrelatedly, <html> is surprisingly hard to omit if you want to properly set the lang attribute.


Any element can accept `lang` attribute, though. You can put it on the `<body>` element, but it wouldn't be as "proper".

https://www.w3.org/International/questions/qa-html-language-...


It's actually pretty easy to omit <body> (and <head>), so you don't gain anything from this anyway, either.


You can omit the closing tag.


Hmpf, didn't know that, thanks! Very strange, however.


Some hosts didn't even bother with this. I used a PHP host who ran another script after serving the hosted one, but it you used `die()` you could skip any other fluff they included.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: