logoalt Hacker News

somethingsome05/03/20254 repliesview on HN

I'm not an expert on this but IMO, from a language point of view, HTML is a markup language, it 'must' have no logic or processing. It is there to structure the information not to dynamically change it. Nor even to display it nicely.

The logic is performed elsewhere. If you were to have includes directly in HTML, it means that browsers must implement logic for HTML. So it is not 'just' a parser anymore.

Imagine for example that I create an infinite loop of includes, who is responsible to limit me? How to ensure that all other browsers implement it in the same way?

What happens if I perform an injection from another website? Then we start to have cors policy management to write. (iframes were bad for this)

Now imagine using Javascript I inject an include somewhere, should the website reload in some way? So we have a dynamic DOM in HTML?

Replies

naasking05/03/2025

> from a language point of view, HTML is a markup language, it 'must' have no logic or processing.

Client-side includes are not "processing". HTML already has frames and iframes which do this, just in a worse way, so we'd be better off.

show 1 reply
omoikane05/03/2025

> an infinite loop of includes

We can probably copy the specs for <frameset> and deal with it the same way:

https://www.w3.org/TR/WD-frames-970331#:~:text=Infinite%20Re...

    Any frame that attempts to assign as its SRC a URL used by any of its ancestors is treated as if it has no SRC URL at all (basically a blank frame).
> How to ensure that all other browsers implement it in the same way?

Browsers that don't implement the specs will eventually break:

https://bugzilla.mozilla.org/show_bug.cgi?id=8065

DemocracyFTW205/04/2025

I feel like most of your answer is invalidated by

* the actual existence of frames (although those are deprecated)

* iframes (which are not deprecated, so seemingly doing declarative inclusion of HTML in HTML was not what was wrong with frames)

* imports in CSS, which share some of the same problems / concerns as HTML imports

* the existence of JavaScript with its ability to change anything on the page, including the ability to issue HTTP requests and be written arbitrarily obfuscated ways.

lenkite05/03/2025

There is a very, very broad line in that "no logic or processing". HTML/CSS already do a lot of logic and processing. And many "markup languages" have include support. Like wikitext used in wikipedia and includes in Asciidoc.