HTML Ping Attribute Explained <a href="http://youtube.com" ping="http://localhost:8080">

In this video I explain how the ping attribute in an anchor HTML element works.

0:00 Intro
1:00 Ping Explained
7:00 Ping Use in Google Search (Chrome)
9:00 Ping is Disabled in Firefox
11:00 The Danger of POST

Stay Awesome,
Hussein

Comments

from chrome docs
Because a cookie's SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request.

a.yashwanth

Really awesome stuff Hussein! Like you said I think this is useful for some cases, but really concerning. Also those use-cases can be implemented without the ping attribute, so in my opinion all browsers should disable this.

AdarshMenon

That thumbnail... 😄 Perfect.
Great job on the video, Hussein. I really don't understand why your channel doesn't have ten times the audience. Keep up the fantastic work; we'll keep learning and sharing!

NC_RC

Hussein, your channel should have 340k subscribers, honestly the highlight of my day whenever I see a new video added by you. As always, thank you for the great context!

armaandhanji

Wow, never heard of this before, thank you!

billybunn

Thank you for sharing this. I am very disturbed that I only knew about this now.

_Perhaps the sneakiness is intentional..._ 🤔 👀

BastiDood

I really can't explain how grateful I am to you. Really, thank you for your work.

ManojKumar-tirn

Thank you so much for this informational video. Even though it's scary, I feel a lil bit secure in terms of cookies, I always set them up to Lax or Strict.

patrick-dev

Thank you so much for all your videos. Please don't stop making these tutorials. Can you please make some .net related videos?

VinuP

I will never stop watching if you upload these type of videos <3

deshkarabhishek

I have something to add to the Firefox bit. At 10:30 you say "They don't lie, they actually show you that it's a google URL". They actually do "lie" in a very sneaky way :D -
The original href when the page loads IS the actual URL you're supposed to be redirected to (linkedin.com/hsnaser in that case). If you just hover on a link without clicking it, that's what you'll see at the bottom of the screen, or if you inspect the HTML without doing a right click directly on the link. I suspect it's this `onmousedown` attribute you glossed over quickly, which triggers some JS function which replaces the href to the google's url when you press down the mouse button, and when you release it that's when you actually navigate, to the freshly replaced google.com/?... href value.

Really sneaky.

Great video otherwise thanks! I didn't know about this ping attribute :D

Clepsyd_

About this feature being a security risk, I don't see how because it can't share the main page's cookies so it's not vulnerable to CSRF nor can it execute scripts so it's not XSS vulnerable.

parlor

Wow, didn't know that it exists, that's why always waiting for your videos, thank you

lord

Thank you for the info... wasn't aware of it.

shashikantsharma

Great video nasseir. I don't think it will be a security threat as if you mention other domain url the cookies won't be passed because of Same origin policy.

It could be dangerous when a hacker can inject links in the content using html Injection vulnerabilities where in that case hacker can point the ping url to same site to some sensitive endpoint like delete account, change status etc., etc.,

sairam-ljzu

I had no idea this existed. Thanks as always Hussein. Do you have any videos on Elastic Search?

bharath

It is a POST request, but as you mentioned with no body, so I do not see any actual difference in functionality from a GET request except semantics. Since tracking IS storing information it should be a post request to signal that. The only problem with that is the DDOS attacks that could be orchestrated (but I guess it's not that hard to firewall ping requests originating from places you do not want).
I wonder how this "circumvents" the no-cookies GDPR clause.

KostasOreopoulos

so, I guess that in case you own a server and you want to stop malicious activity, couldn't you discard requests that come with 'text/ping' content type?

panossavvaidis
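
The server-side filter asked about in the comment above, as an added example (not code from the video or from any commenter). It assumes requests shaped like Node's `http.IncomingMessage`; the route names, the `app.example` host and the sample requests are constructed.

```javascript
// Added example. Requests are plain objects shaped like Node's
// http.IncomingMessage (method, url, lower-cased header names).
// The route names are constructed for illustration.
const PING_COLLECTOR = '/audit/ping'; // hypothetical: the one route meant to receive pings

// Media type without parameters such as "; charset=utf-8".
function mediaType(headers) {
  return (headers['content-type'] || '').split(';')[0].trim().toLowerCase();
}

// Browser-generated pings are POSTs with Content-Type: text/ping and a
// Ping-To header. Either signal is enough to treat the request as a ping.
function isHyperlinkPing(req) {
  return req.method === 'POST' &&
    (mediaType(req.headers) === 'text/ping' || 'ping-to' in req.headers);
}

// Pings are only accepted on the collector route; everywhere else they are
// refused before any application handler (and any state change) runs.
function decide(req) {
  const ping = isHyperlinkPing(req);
  if (req.url === PING_COLLECTOR) {
    return ping ? 204 : 400;
  }
  return ping ? 403 : 200; // 200 here means "hand over to the application"
}

// Constructed sample requests.
const SAMPLES = {
  crossSitePing: { method: 'POST', url: '/account/delete',
    headers: { 'content-type': 'text/ping', 'ping-to': 'http://youtube.com/' } },
  sameSitePing: { method: 'POST', url: '/account/delete',
    headers: { 'content-type': 'text/ping; charset=utf-8', cookie: 'sid=constructed',
      'ping-from': 'https://app.example/post/1', 'ping-to': 'https://app.example/' } },
  formPost: { method: 'POST', url: '/account/delete',
    headers: { 'content-type': 'application/x-www-form-urlencoded', cookie: 'sid=constructed' } },
  wantedPing: { method: 'POST', url: PING_COLLECTOR,
    headers: { 'content-type': 'text/ping', 'ping-to': 'https://app.example/' } },
};

function runSamples() {
  const out = {};
  for (const [name, req] of Object.entries(SAMPLES)) out[name] = decide(req);
  return out;
}

console.log(runSamples());
```

This only filters pings that a browser generates from a link; a hand-built request can omit both headers, so state-changing routes still need their usual CSRF protection.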

Very interesting, can I use this for sending email, instead of making new thread to send email, because it runs asynchronously?

ahmedkhudhair

Fantastic !! I am thinking how I can use this exploiting CSRF vulnerability.

bhavesh_thakur