logoalt Hacker News

dwheeler05/03/20254 repliesview on HN

HTML was historically an application of SGML, and SGML could do includes. You could define a new "entity", and if you created a "system" entity, you could refer to it later and have it substituted in.

    <!DOCTYPE html example [
      <!ENTITY myheader SYSTEM "myheader.html">
    ]>
    ....
    &myheader;
SGML is complex, so various efforts were made to simplify HTML, and that's one of the capabilities that was dropped along the way.

Replies

int_19h05/03/2025

We also had a brief detour into XML with XHTML, and XML has XInclude, although it's not a required feature.

show 2 replies
j4505/04/2025

Neat reference, going to look into that.

The <object> tag appears to include/embed other html pages.

An embedded HTML page:

<object data="snippet.html" width="500" height="200"></object>

https://www.w3schools.com/tags/tag_object.asp

show 2 replies
timewizard05/04/2025

Well, that is an entire attack surface, on it's own.

https://en.wikipedia.org/wiki/Billion_laughs_attack

show 1 reply
lkuty05/04/2025

It existed also in DTD (Document Type Definition) used with HTML 4 and below, and XML. Came fromn SGML too I guess.

show 1 reply