Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why does an anchor tag's href values need http:// preprended to the URL?

Tags:

<a href="www.stackoverflow.com" target="_blank">click here</a> 

Clicking the above link on a site's HTML page would try to take the user to

<site>/index.html/www.stackoverflow.com 

Where as following works fine

<a href="http://www.stackoverflow.com" target="_blank">click here</a> 

What is the rationale for this behavior?

like image 365
chandmk Avatar asked Jan 25 '12 04:01

chandmk


People also ask

Is the HTTP protocol used in the href value?

Is the http protocol used in the href value? Use relative link when we want to link to pages on our own website. The href for a relative hyperlink does not begin with the http:// and does not include domain name.

How does anchor href work?

<a>: The Anchor element. The <a> HTML element (or anchor element), with its href attribute, creates a hyperlink to web pages, files, email addresses, locations in the same page, or anything else a URL can address. Content within each <a> should indicate the link's destination.

What is an anchor tag in HTML and why do you need to use it?

The <a> tag (anchor tag) in HTML is used to create a hyperlink on the webpage. This hyperlink is used to link the webpage to other web pages or some section of the same web page. It's either used to provide an absolute reference or a relative reference as its “href” value.

Does an anchor tag need an href?

Yes, it is valid to use the anchor tag without a href attribute. If the a element has no href attribute, then the element represents a placeholder for where a link might otherwise have been placed, if it had been relevant, consisting of just the element's contents.


2 Answers

There are several protocols: HTTP, HTTPS, FILE, SSH, SSL, FTP. In addition, as Jeremy mentioned, it's quite possible you may have a file on your server with the exact name of the text you're entering in the HREF.

Basically, any text in the href without a protocol is assumed to be a relative path if there is no / or protocol.

like image 131
jmort253 Avatar answered Sep 30 '22 05:09

jmort253


Update 3/2/2016:

Just use HTTPS for everything, eg: https://www.example.com

Paul Irish recommends against using protocol-relative URLs, i.e. //, and recommends writing all links using https:// - the rationale being:

Now that SSL is encouraged for everyone and doesn’t have performance concerns, this technique [protocol-relative URLs] is now an anti-pattern. If the asset you need is available on SSL, then always use the https:// asset.

Allowing the snippet to request over HTTP opens the door for attacks like the recent Github Man-on-the-side attack. It’s always safe to request HTTPS assets even if your site is on HTTP, however the reverse is not true.


Original post:

As other answers have stated, including protocols in URIs is important because otherwise you leave it up to chance how the URI is interpreted. You could have a MP4 video file literally named "www.something.com" instead of "video.mp4", or a client might try to access your website over FTP because it guessed the protocol wrong.

As Kolink pointed out in a comment, you can omit the http: entirely and just use //, eg //www.example.com. It stops mixed-content security errors ("this page has insecure elements"). It does this because browers will fetch assets such as images as if those assets were using https:// when the user is connected to the current page via HTTPS.

like image 38
iono Avatar answered Sep 30 '22 05:09

iono