Then when starting a new project, it would make little sense to build it this way in the first instance. As any changes further in the future when perhaps the site has grown into something larger, would also be a huge job which could have been avoided had a more maintainable coding practice been employed from the start.
4 Likes
I agree
2 Likes
Just goes to show that they should have implemented the security headers to disable inline CSS and JavaScript at the start so that it wouldnât work.
Inline code is way more difficult to maintain, slows the loading of the site, and by allowing it you make injecting malicious code much easier.
It depends a bit, some people have said inline js can be ok for small pages.
For the css, inlining seems to give performance benefits as long the css file is less than 5000kb, but still would ve much better to put the bare css in the head section. This will be 2-4 percent faster on google speed insights etc, however I have never tested css in the html tags.
The guy just seems new and he will eventually run into some massive cross browser and or propagation/bubbling issues eventually and then hopefuly learn 
not when there are multiple pages using the same CSS - then you are effectively loading the same CSS multiple times (eg 50k CSS and 100 pages = 50000k inline or 50k as a separate file) and it will still be broken for all of the pages for all the devices that the inline CSS isnât catering for.
Also your page is vulnerable to injection if you donât turn off inline CSS and JavaScript in the security headers.
Ah yeah I agree, I would only ever do that on singlenpage websites, and even then, in the head section. Maybe some css inlined in the head section if the css file is huge, but never ever in the html( though there are tutorials out there advocating inline css for html emails).
Does inline css leave a site open to attacks? Can you show examples, really curious
thatâs because email doesnât understand separate stylesheets - everything in the email including images all goes in the one file. For actual HTML web pages it is currently recommended that you use security headers to block inline CSS and JavaScript as being the simplest way to prevent code injection.
The op is doing things the wrong way. It is really that simple. Donât be an enabler. Its the ops prerogative but that doesnât mean we should stand by and tell them they are fine doing it this way. They are not. Its wrong â end of story. If the op is happy providing clients with low quality work than so be it. Iâm sure the client is getting what they paid for anyway.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.