Reputation: 8071
Does html doctype make the page more secure?
Does the doctype help to make a webpage more secure? I have used the following:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
So is my page more secure now? How is that? Also the page still shows some warning and errors when I check my page if using the validator server here. So does that mean my page is not secure?
Upvotes: 1
Views: 941
Answers (5)
Reputation: 3214
No DOCtype is not related to security concern. To get clear conception of it, you might like this article http://www.alistapart.com/articles/doctype/
Upvotes: 0
Reputation: 201618
No, adding a doctype declaration does not affect security the least. If your page “still shows some warning and errors when [you] check [your] page”, it simply means that the page does not conform to the document type definition that you refer to by the doctype declaration.
Validation is a purely formal thing, and the impact of violation validity requirements depends on the kind of violation. (The impact varies from no impact to total collapse.)
The use of a doctype declaration is, as far as browsers are considered, just a magic incantation that triggers “standards mode”, “almost standards mode”, or “quirks mode”, depending on browser and doctype. It’s a fairly complex issue, but the XHTML 1.0 doctype you mention triggers “standards mode”, and the absence of any doctype triggers “quirks mode”, which is really just a common name for many kinds of quirks and oddities that browsers do in trying to emulate bugs in browser versions from the 20th century.
Upvotes: 0
Reputation: 168705
Does the doctype help to make a webpage more secure?
No it doesn't. DOCTYPE is not a security feature.
What it does is tell the browser what kind of document it is reading.
If you don't specify any doctype, then IE will drop into quirks mode, meaning that the page will be rendered completely differently do any other browser. You don't want this, so you should specify a doctype. (but for this context, it doesn't matter which doctype)
The XHTML Strict doctype tells the browser that you want your page to be XHTML, and for that to be enforced strictly.
This will (in theory) cause the browser to throw an error if your code does not conform to the XHTML rules, rather than trying to render it anyway. In theory this makes your code better because you can pick up errors more easily. However many browsers don't actually enforce it, meaning that the whole "strict" thing is fairly irrelevant. XHTML is no longer considered best practice, and most people have moved on from this now, and are using the HTML5 doctype instead.
Upvotes: 0
Reputation: 3691
The DOCTYPE has nothing to do with security. The DOCTYPE tells the browser what version of HTML your website is written in so that the browser can display the website accordingly.
The W3C validator is a tool to help find errors that may impact how your website is rendered in various browsers, so fixing any issues you see reported there will only improve usability and how it looks.
Upvotes: 3
Reputation: 1718
No it doesn't. Strict XHTML (or any doctype) does not make your page better, nicer or faster.
Upvotes: 0
Related Questions
- Are there different HTML5 doctypes?
- Do modern browsers care about the DOCTYPE?
- What happens if I don't put a <!DOCTYPE html> in my code? Will it make any major changes?
- XHTML-Doctype in Websites still valid to use?
- DocBook vs. HTML - difference
- If I use HTML 5's doctype, what will happen?
- Whats the point of DOCTYPE?
- Should I always use HTML Doctypes?
- Is the DOCTYPE relevant only to the markup or also to the DOM?
- HTML: Do we really need different DocTypes?