I remember seeing a demo of a website which didn't have any tag - I think the stylesheet was served by an http header that the browsers were automatically linking. I can't find the url.
It does for me (Fx35, Windows), but yeah this looks pretty obscure, like the recent bash exploits from 30-year-old features barely anyone knew.
Apart from exploits, semi-related, I just hope the ad industry won't find out about using inline data URIs any soon. This would make ad blocking way more difficult.
Adds are served from a separate IP in part to keep websites honest. As long as this happens browsers can fairly easily tell what's an add. IMO, a more risky option is for add networks to start hosting webpages and I can easily see Google taking this approach.
I remembered using this trick to put a "THIS IS STAGING" banner for my project back few years ago (after reading Eric Meyer's article[1]) It was pretty cool back then.
Since we're talking about obscure hacks, I've seen a website putting ads in an <iframe>, whose URL was the same as the parent (top) URL, and there was even no HTTP request being done for an iframe document (probably due to the URL being already cached by the browser) - so it was not possible to block it via a blocking proxy.
I only managed to block it with the adblock's element hiding query like `domain.com##iframe` or through a userscript.
Makes text uncopiable in all browsers. Combined with entity-encoded source, this could make a decent protection against most users. Not that I approve such things.
[edit] unicode encoding (\67). html-entities do not work.
Interesting, doesn't work in Chrome or Firefox for me. In Firefox you can't select anything. In Chrome you can select all, but nothing gets copied over; also the formatting of some boxes is fucked up.
Seems to be a clever idea for caching and reducing traffic. All static content can be stored within the CSS, which is tagged with a long HTTP expire date. This allows to send all dynamic content within a tiny HTML page that only references the CSS above, thereby adding the static content.
This is exactly what I did when a friend of mine asked how to make the text uncopy-able. I did server-side rendering, create a bunch of randomize tag and generate inline css with ::before and ::after. It was brutal but it works.
Well, thank goodness for accessibility requirements, at least in California. There would be plenty of site owners, including the government, who'd love to make their sites much more difficult to scrape or excerpt from.
I think this shows that the "Content" tag in CSS is a bad idea, at least if you're concerned about separating presentation and content. It's a bit like a single-image website.
No, it just shows that shoveling all content into your CSS is a bad idea. The content property has legitimate uses, especially when combined with tools like icon fonts, etc.
1. need a 'compiler' to compile html and css into one css file
2. seems it can make embedding content a bit easier and cleaner. eg. embed a facebook/twitter button.
45 comments
[ 2.9 ms ] story [ 101 ms ] thread[edit] Here it is! It still doesn't work in Chrome. http://css-tricks.com/using-css-without-html/
Apart from exploits, semi-related, I just hope the ad industry won't find out about using inline data URIs any soon. This would make ad blocking way more difficult.
[1]: http://meyerweb.com/eric/thoughts/2009/01/22/using-http-head...
I only managed to block it with the adblock's element hiding query like `domain.com##iframe` or through a userscript.
[edit] unicode encoding (\67). html-entities do not work.
macko.mici.hu loosely translates to pooh.winnie.hu; mici is also the nickname a friend of mine goes by, which is why I bought the mici.hu domain.
Link:<[filename]>;rel=stylesheet
It's fun to use:
Link:<.>;rel=stylesheet
and detect the Accept: text/css header to serve a css file conditionally, too.
Firefox35
edit: Oh, I suppose the <link> would be styled, wouldn't it?
<x-website></x-website>