Login/Register
COMPLETE list of HTML tag attributes which have a URL value?
Asked Answered
Solved urlhtml
S

2

71

Besides the following, are there any HTML tag attributes that have a URL as their value?

  • href attribute on tags: <link>, <a>, <area>
  • src attribute on tags: <img>, <iframe>, <frame>, <embed>, <script>, <input>
  • action attribute on tags: <form>
  • data attribute on tags: <object>

Looking for tags in wide usage, including non-standard tags and old browsers as well as HTML 4.01, HTML 5, and XHTML.

Solidago answered 27/4, 2010 at 21:8 Comment(0)
A
110

Check out the W3C's list of HTML attributes, there's a "type" column in there and just look for URI types.

And of course the HTML 5 version of that list is useful too (edit: updated link for HTML 5.2 here)

So for HTML4 we've got:

  • <a href=url>
  • <applet codebase=url>
  • <area href=url>
  • <base href=url>
  • <blockquote cite=url>
  • <body background=url>
  • <del cite=url>
  • <form action=url>
  • <frame longdesc=url> and <frame src=url>
  • <head profile=url>
  • <iframe longdesc=url> and <iframe src=url>
  • <img longdesc=url> and <img src=url> and <img usemap=url>
  • <input src=url> and <input usemap=url>
  • <ins cite=url>
  • <link href=url>
  • <object classid=url> and <object codebase=url> and <object data=url> and <object usemap=url>
  • <q cite=url>
  • <script src=url>

HTML 5 adds a few (and HTML5 seems to not use some of the ones above as well):

  • <audio src=url>
  • <button formaction=url>
  • <command icon=url>
  • <embed src=url>
  • <html manifest=url>
  • <input formaction=url>
  • <source src=url>
  • <track src=url>
  • <video poster=url> and <video src=url>

These aren't necessarily simple URLs:

  • <img srcset="url1 resolution1, url2 resolution2">
  • <source srcset="url1 resolution1, url2 resolution2">
  • <object archive=url> or <object archive="url1 url2 url3">
  • <applet archive=url> or <applet archive=url1,url2,url3>
  • <meta http-equiv="refresh" content="seconds; url">

SVGs can also contain links to resources: <svg><image href="url" /></svg>

In addition, the style attribute can contain css declarations with one or several urls. For example: <div style="background: url(image.png)">

Alleviator answered 27/4, 2010 at 21:9 Comment(9)
Thanks, in particular for the link. I can't believe I've never seen that index.Solidago
Grr... Okay, the index isn't quite perfect. You have to look at the "Comment" field to discover <object archive=url> and I'd have missed <applet archive=url> if it hadn't been in the same vicinity. Your list is also missing <object classid=url>. Still, much better than my initial list!Solidago
I made the comment a community wiki in case there were any others missed, so if you or others find things to add - you can add them!Alleviator
+1, I was just looking for this (https://mcmap.net/q/276547/-xss-which-html-tags-and-attributes-can-trigger-javascript-events/89771), great URLs!Cultivable
@system: Also, don't forget lowsrc and dynsrc.Cultivable
Beyond background and background-image in CSS, there's filter: url() as per developer.mozilla.org/en-US/docs/Web/CSS/filterBernicebernie
In case someone was interested in XPath selector URLs from all of the above mentioned (containing single urls in attribute), I made one.Agrapha
For the srcset attribute, the urlx resolutionx pairs are separated by commas, as explained here - otherwise there would be no effective way of telling which are the urls and which are the resolutions (aside from the fact that there are w or h characters at the start of width or height, or the x character at the end of the pixel density descriptor), since every of those parts would be delimited by spaces. Using commas helps the parser locating the url part as the first part after the comma.Pickup
@DanielDiPaolo, this is super helpful -- thanks a million.Knorr
D
1

So you can include:

<style>
    #domID {
        background:url()
    }
</style>
Deflected answered 4/9, 2012 at 20:17 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.