Martin Gregorie wrote:

> On Sat, 15 Aug 2020 11:28:24 +0200, Deloptes wrote:
>
>> It is not an injection. The server can not inject anything in clients
>> HTML unless there is something in the HTML that would pull the
>> "injection" and this is most likely the JavaScript code.
>>
> Disagree. A server extension can do almost anything it wants to an HTML
> page before it is sent including, but not limited to, fiddling with CSS
> settings and adding Javascript, PHP, links and text to the page the
> server is about to send.
>

You still do not understand? HTML can be static or dynamic. The latter is
generated on the server. It doesn't matter what extention is used to
generate the code. HTML code can not inject anything by itself.

> Try reading the manual for one of the web servers: Apache, Ngnx, etc. Pay
> attention to their possible extensions. You may be surprised at what's
> possible. And, while you're at it, take a look at what PHP and Javascript
> can do if run server-side.
>

Perhaps you ask me if I have read it first, but anyway you misunderstood the
point.

> Since all this can be done in the server, you need to know what the page
> looked like before it was selected for transmission in order to know if
> it has been modified by the server.
>

Still misconception of what is happening in reality.

> I run the Apache HTML server to serve reference material, etc on my LAN.
>

So what?

>> Statements like yours confused me in the beginning. AFAIK the Web is
>> still request/response based, so something is doing the request and
>> getting the response on your client PC.
>>
> Yes, but you're assuming on zero evidence that a web page as sent is
> identical to what the HTML server read from disk.
>

I assume yes, because it is how it should work. You get exactly this in the
browser what the server is sending to you. It is HTML with embedded CSS and
JavaScript and who knows what else, but you get it from the server right?

> While that's true for most personal websites, it isn't the case for pages
> sent by internet search engines, online shops, banks and Wikipedia (their
> periodic appeals for donations are certainly not part of the page as
> stored in the data centre). Pages sent by these sites are built or
> modified on demand by code running in the web server or in an application
> process that the web server calls to build the page.
>

Why should it be modified? It assumes the author of the site does not know
what is provided to the customer with the site. It is not like this. The
one organization or company (A) running the web sites signs a contract with
another company (B) to track customers activities. B provides A with
(usually) a javascript code that A embeds into the code of the web site (be
it static or dynamic). At the end the customer (browser) gets the HTML from
A with the embedded code from B and all win. They all win, because the
customer willingly participates in this game.

>> I guess it would be a piece of code inside the browser that
>> is requesting the information from the server and displaying
>> notification if you have opted in.
>
> No sir. A browser ONLY displays information contained in the page it was
> sent by the HTML server. If the page contains HTML tags that reference
> external items such as images and videos, these are read and displayed
> where they appear in the page. If the server has injected links to
> adverts these are also fetched and displayed: the browser doesn't know
> what such a link points to, only whether it can be displayed or not.
>

The server can not inject anything without being told to. You are making up
a story as if there is some external force adding something to a web page.
It is the author of the web  page doing this.

> This is exactly the same process the browser uses to display pictures and
> videos that the page's author wanted to show you: all are referenced by
> HTML tags in the page body.
>
> Of course this assumes you're not running an ad blocker: all these do it
> to recognise advertiser URLs in a page and prevent them from being
> accessed or displayed.

I am not sure you understand correctly how all this works. Just to reach
some common ground, I learned HTML in 1998 as part of university studies.
Later I worked a lot with servers, compiled php extentions and learned php
around 1999 and 2001. Last thing I learned few years ago was the Symfony
Framework. I don't pretend to be an expert in web development, but I think
at least I know how it works and where it is going.

--- SoupGate-Win32 v1.05