[pibaker]

> they are displayed instead of erroring out.

I think what is lost on many people, ironically even the ones who want to retvrn the web to its former glory, is that the browser tries to display broken, half transmitted content because it happened so frequently due to circumstances completely out of the website operator or the user's control. And in most cases showing a half transmitted web page with half of the closing tags missing is almost certainly better than just outright refusing to show anything.

[lostmsu]

Couldn't that be a source for vulnerabilities?

[ipaddr]

Missing closing tags in html no.

[lostmsu]

I could imagine a page where cutting HTML would cause it be a yes (not exact JS).

  <script>
    setTimeout(10000, () => {
      safeEval(<some user input>);
    });
  </script>
  <script>
    window.safeEval = code => eval(code);
  </script>

  <!-- cut the page here -->
  <!-- the prev and next tags around this comment could be combined in one and cut in the middle if the browser autocloses them and treats as valid script after -->

  <script>
    <!-- safety fixed! -->
    const notTooSafe = window.safeEval;
    
    window.safeEval = code => {
      if (code.any(c => !c.isDigit())) throw "unsafe";
      return notTooSafe(code);
    };
  </script>

[a_t48]

Parent poster was talking about the latter half of a page being missing, rather than a chunk out of the middle, I believe.

[lostmsu]

If the script blocks are in the end, how would browser know there's no "latter half of a page"?

[a_t48]

Aha, now I get it. That's a neat idea.