echo: rberrypi
to: AXEL BERGER
from: A. DUMAS
date: 2020-08-16 09:18:00
subject: Re: Lightweight Browser

On 16-08-2020 03:05, Axel Berger wrote:
> We're beginning to lose ourselves into semantics here.

Yes, I'm quite sure we all know how it works. Let me try & summarise:
- The server can pass through a static html file (which may contain any
number of client-side scripts). The only thing it "injects" are http
headers. I wouldn't call this injection.
- The server can partly or completely generate the page using Node, PHP,
ASP, Perl, SSI, etc. It can send & receive & "inject" anything from any
other server, but it will ultimately arrive as static html (with or
without client-side scripts). I wouldn't call this injection, unless
some remotely received data is not what the web developer thought it
would be, which is probably bad, but which the developer should have
anticipated. Always clean your input from any source.
- The server may post-process the generated page and inject stuff. For
example, banners for "Made on Shitty Service, Inc." on an otherwise free
homepage service. This is unfortunate because it modifies the page as
the web developer intended it for you, and you may get ads and trackers
which can hopefully be blocked by a client-side ad blocker. I would call
this injection, but it's probably not too bad unless the server is
malicious or it has been taken over by someone malicious.
- Someone along the way (ISP, government, café wifi system, "hacker")
can modify the stream and inject stuff. This is the ugliest sort of
injection.
- The static html can contain client-side scripts (javascript) or links
to external sources (like iframes or even seemingly static images)
which, if allowed by the client, can run and modify and load anything
from any server. There are *some* restrictions in modern browsers but
this can get very ugly. On the other hand, this is how "web apps"
operate nowadays: transfer a skeleton html file plus a set of scripts,
load the important stuff afterwards (like your email, if it's an email
web viewer). So it's probably injection but if it's legit and as
intended, then :shrug:

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)

SOURCE: echomail via QWK@docsplace.org
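
The second case in the summary above (a page generated from data received from another server), as an added example that is not part of the original post: the same list rendered with the remote data pasted in as-is and with it treated as text, plus a response header that limits what the client may load. All function names, the feed items and the example.org / ads.example hosts are constructed for illustration.

```javascript
// Added example (not from the original post): server-side page generation
// using data received from another server. Names and sample data are constructed.

// Constructed sample: the second item is not the plain text the developer expected.
const remoteItems = [
  { title: "Pi 4 firmware update", url: "https://example.org/news/1" },
  { title: '<script src="//ads.example/t.js"></script>', url: "javascript:alert(1)" },
];

// Escape the five characters that let text break out of HTML text or a quoted attribute.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Accept only absolute http(s) links; anything else becomes an inert "#".
function safeHref(candidate) {
  try {
    const u = new URL(String(candidate));
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : "#";
  } catch {
    return "#";
  }
}

// "Before": remote data is pasted into the page as-is and becomes markup.
function renderUnsafe(items) {
  return "<ul>" + items.map((i) => `<li><a href="${i.url}">${i.title}</a></li>`).join("") + "</ul>";
}

// "After": same page, remote data is treated as text and a checked link only.
function renderSafe(items) {
  return "<ul>" + items.map((i) =>
    `<li><a href="${escapeHtml(safeHref(i.url))}">${escapeHtml(i.title)}</a></li>`).join("") + "</ul>";
}

// Response header: scripts from this origin only, no frames at all.
function securityHeaders() {
  return { "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-src 'none'" };
}

console.log(renderUnsafe(remoteItems));
console.log(renderSafe(remoteItems));
console.log(securityHeaders());
```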
