Valid JPG and HTML in one file
-
This is an embedded landing page for an image. You can link to this URL and get the HTML document you are viewing right now (soon to include essential squirrel facts); or embed the exact same URL as an image on your own squirrel-themed page:
According to the internet, here's how the page works:
- start page with JPEG header
- insert HTML content inside JPEG header's comment field
- hide the JPEG body and header data from the browser using CSS
- when the browser gets the HTML, parses out the HTML and renders the surrounding stuff as text, but that gets hidden by CSS
-
I hope this becomes the random squirrel facts topic
-
"Squirrels are very trusting animals, and are of the very few wild animal species which will eat out of a person’s hand."
-
@bb36e said in Valid JPG and HTML in one file:
here's how the page works:
Lets try it!
OMFG WTF MIND BLOAN!
-
@Tsaukpaetra also if you take a look at the page source:
<img src="#" style="border: 1px solid crimson">
Pretty funny eh?
-
@bb36e said in Valid JPG and HTML in one file:
@Tsaukpaetra also if you take a look at the page source:
<img src="#" style="border: 1px solid crimson">
Pretty funny eh?
... Wow, didn't think to check the source, I was wondering what it was talking about...
-
Neat trick.
Can it be done with png and pretty much any format that you can shove custom metadata into? (I don't see why it couldn't be from the description)
-
It's clever, yes it is. But somehow I think this belongs on the BAD IDEAS thread.
-
I wouldn't call it "valid HTML".
-
@anotherusername said in Valid JPG and HTML in one file:
I wouldn't call it "valid HTML".
It's uh... bad enough that this validator ends up spitting out
1001. Fatal Error: Too many messages.
. Granted, it throws an error for every single byte, but yeah.
-
@bb36e said in Valid JPG and HTML in one file:
start page with JPEG header
insert HTML content inside JPEG header's comment fieldHow could that possibly be "valid HTML"? What validator checked that off?
-
@blakeyrat well it displays in basically every browser, so it seems pretty valid to me. if it wasn't valid then it wouldn't work.
-
@bb36e considering @Karla's validator gives 1001 errors, the last of which is "too many errors", and the w3c validator crashes, I'd say it's pretty un-valid.
-
-
@error said in Valid JPG and HTML in one file:
@ben_lubar said in Valid JPG and HTML in one file:
@Karla's validator
Apparently!
-
@groo said in Valid JPG and HTML in one file:
very few wild animal species which will eat out of a person’s hand
I call bullshit, tons of wild animal species will eat out of a person's hand if they've become accustomed to humans and view them as nonthreatening enough to risk getting close. Furthermore, if we expand our definition of "eat out of a person's hand" to not require that hand remain whole and attached to the arm during the process, virtually all wild animal species will fit that description.
-
This has long been an issue where image files can allow for arbitrary textual data and where systems treat things as not necessarily images.
Imagine a JPEG uploaded with some PHP in it, for example.
-
@Arantor said in Valid JPG and HTML in one file:
This has long been an issue where image files can allow for arbitrary textual data and where systems treat things as not necessarily images.
Imagine a JPEG uploaded with some PHP in it, for example.
Yes, but that's not nearly as useful as a JPEG with embedded .rar inside!
-
@Fox said in Valid JPG and HTML in one file:
not require that hand remain whole and attached to the arm during the process
Maybe less if you apply drain cleaner first ...
-
@ben_lubar said in Valid JPG and HTML in one file:
@bb36e considering @Karla's validator gives 1001 errors, the last of which is "too many errors", and the w3c validator crashes, I'd say it's pretty un-valid.
Yeah. Not a lot of file formats allow a random number of garbage bytes to precede the actual file contents. (Although there are some.)
-
In colder regions such as the UK, squirrels plan ahead in order to survive the challenging winter months. They store nuts and seeds at various locations and return to them throughout the winter to maintain their energy levels when food is scarce.
I doubt city squirrels do this any more. The resident squirrels where I live just eat from bins or bird seed holders. Some people actually leave out food for squirrels!
-
@DogsB said in Valid JPG and HTML in one file:
Some people actually leave out food for squirrels
-
@Fox isn't the implication that a squirrel with no prior exposure to humans will eat out of your hand? Mostly, this only happens with island species that have no predators so aren't accustomed to being cautious. One famous example is the dodo
-
@Jaloopa said in Valid JPG and HTML in one file:
dodo
-
@Luhmann fun dodo fact, nobody really knows what they looked like. The image most people think of comes from the illustrations in Alice in Wonderland, but this was well after they went extinct and no contemporary drawings exist
-
-
@ben_lubar said in Valid JPG and HTML in one file:
@error said in Valid JPG and HTML in one file:
@ben_lubar said in Valid JPG and HTML in one file:
@Karla's validator
Apparently!
That's news to me.
-
@Karla does it make you feel validated?
-
@Jaloopa said in Valid JPG and HTML in one file:
@Karla does it make you feel validated?
Maybe if it passed validation.
-
@Karla That's a valid comment
-
@Jaloopa said in Valid JPG and HTML in one file:
nobody really knows what they looked like
Not true. There are at least two works:
-
@coldandtired suspected to be exaggerated at best
http://motherboard.vice.com/read/the-dodo-didnt-look-like-you-think-it-does
-
@DogsB said in Valid JPG and HTML in one file:
I doubt city squirrels do this any more.
The number of holes dug in my garden suggests otherwise.
Some people actually leave out food for squirrels!
Yes. Since the things I found buried tended to be peanuts or occasionally walnuts, neither of which can be found in the area without human intervention, it seems reasonable to conclude that the squirrels were burying a cache despite a likely supply of human-provided food throughout the winter.
-
@blakeyrat said in Valid JPG and HTML in one file:
How could that possibly be "valid HTML"? What validator checked that off?
It probably isn't, but browsers normally don't reject poorly-formatted HTML.
-
@anotherusername said in Valid JPG and HTML in one file:
I wouldn't call it "valid HTML".
Does that even mean anything anymore? I mean, HTML5 states that every input must be accepted by browsers and how it must be parsed, so what would be the point of producing "valid" HTML?
-
@Jaloopa said in Valid JPG and HTML in one file:
't the implication that a squirrel with no prior exposure to humans will eat out of your hand?
Then I still call bullshit, because squirrels who haven't been accustomed to humans flip the fuck out if you even move. So unless you're a damned statue and you make yourself smell nice to squirrels, they won't come near you.
-
@Jaloopa It better be, I validated it first.
-
The main trick is getting the server to deliver the image file as text/html or a document type that will cause the browser to autodetect. Embedding html in image files is old hat, even here
-
@Fox said in Valid JPG and HTML in one file:
So unless you're a damned statue and you make yourself smell nice to squirrels, they won't come near you.
You would have to be nuts.
-
-
Surely this is a security risk. Couldn't you inject a script tag in say a linked image?
-
@lucas1 And now you know why NoScript exists.
-
@Fox yes, but surely the browser shouldn't execute this type of code ... I am just surprised that a browser would let that happen.
-
@lucas1 said in Valid JPG and HTML in one file:
Surely this is a security risk. Couldn't you inject a script tag in say a linked image?
Natch?
@tufty said in Valid JPG and HTML in one file:
Embedding html in image files is old hat, even here
Before they set the site headers to disallow it, this topic brought back fa-spin!
Come to think of it...
Darn, doesn't seem to work or I'm doing it wrong...
-
@Tsaukpaetra oh right.
TBH this is kinda good to know because I wouldn't even think that a browser would allow it when there are lots of other security mechanisms in browsers for things that are more trivial.
-
@Tsaukpaetra said in Valid JPG and HTML in one file:
this topic brought back fa-spin!
It did? I always miss the fun.
-
@Tsaukpaetra said in [Valid JPG and HTML in one file](/post
@tufty said in Valid JPG and HTML in one file:
Before they set the site headers to disallow it, this topic brought back fa-spin!Watch, next they'll bring back Meatspin, too.
-
@lucas1 said in Valid JPG and HTML in one file:
Surely this is a security risk. Couldn't you inject a script tag in say a linked image?
That's what @Tufty did on the post he linked to.
@lucas1 said in Valid JPG and HTML in one file:
@Fox yes, but surely the browser shouldn't execute this type of code ... I am just surprised that a browser would let that happen.
Why not? When it's inside an
<img>
tag, it's naturally interpreted as an image. But when it's served as a regular page, the browser interprets it as HTML. If the headers don't say what to do with it, this is perfectly ordinary behavior. And ordinarily, web pages can run scripts, subject to all the usual security restrictions.@ben_lubar figured out how to neuter it, though, by adding some headers in user-uploaded files, so now the browser won't allow scripts to run.
-
@ScholRLEA said in Valid JPG and HTML in one file:
@Tsaukpaetra said in [Valid JPG and HTML in one file](/post
@tufty said in Valid JPG and HTML in one file:
Before they set the site headers to disallow it, this topic brought back fa-spin!Watch, next they'll bring back Meatspin, too.
Yeah, that would be a dick move.
-
@anotherusername said in Valid JPG and HTML in one file:
But when it's served as a regular page, the browser interprets it as HTML. If the headers don't say what to do with it, this is perfectly ordinary behavior. And ordinarily, web pages can run scripts, subject to all the usual security restrictions.
It depends how this acts cross domain, if this is the behaviour with images from another domain ... sorry but the browser should throw a fit.
If not, it is fine.