Let's say you have a help system with topics, and you want to link to a topic about "Getting Started."
<a href="help/getting-started.html">View Getting Started Guide</a>
Given the rise of JavaScript frameworks (React, Vue) and server-side languages (PHP, Node.js, Python/Django), SHTML is considered "retro." However, it is not dead.
Modern use case: SHTML is still widely used in static site generators and marketing landing pages where a simple repeating footer is needed, but adding a full CMS is overkill. view shtml link
Links in HTML are created using the <a> tag. The basic syntax for creating a link is:
<a href="url">Link Text</a>
Treat .shtml like .html in terms of risk — but with one twist:
If an attacker can upload an .shtml file to a server with SSI enabled, they could execute commands like <!--#exec cmd="..." -->. That’s a critical vulnerability. Let's say you have a help system with
If you are browsing the web and click a link like https://www.example.com/reports/2024-report.shtml, you treat it exactly like a normal webpage.
<a href="https://www.yourdomain.com/section/default.shtml">Home</a> Given the rise of JavaScript frameworks (React, Vue)
On Apache, you can enable SSI for .shtml files using an .htaccess file or virtual host config:
AddType text/html .shtml
AddHandler server-parsed .shtml
Options +Includes
On Nginx, you’d use the ssi module with ssi on; inside the location block.
Creating a hyperlink to an SHTML file is identical to linking to any other web resource. Use the standard <a> (anchor) tag.
Let's say you have a help system with topics, and you want to link to a topic about "Getting Started."
<a href="help/getting-started.html">View Getting Started Guide</a>
Given the rise of JavaScript frameworks (React, Vue) and server-side languages (PHP, Node.js, Python/Django), SHTML is considered "retro." However, it is not dead.
Modern use case: SHTML is still widely used in static site generators and marketing landing pages where a simple repeating footer is needed, but adding a full CMS is overkill.
Links in HTML are created using the <a> tag. The basic syntax for creating a link is:
<a href="url">Link Text</a>
Treat .shtml like .html in terms of risk — but with one twist:
If an attacker can upload an .shtml file to a server with SSI enabled, they could execute commands like <!--#exec cmd="..." -->. That’s a critical vulnerability.
If you are browsing the web and click a link like https://www.example.com/reports/2024-report.shtml, you treat it exactly like a normal webpage.
<a href="https://www.yourdomain.com/section/default.shtml">Home</a>
On Apache, you can enable SSI for .shtml files using an .htaccess file or virtual host config:
AddType text/html .shtml
AddHandler server-parsed .shtml
Options +Includes
On Nginx, you’d use the ssi module with ssi on; inside the location block.
Creating a hyperlink to an SHTML file is identical to linking to any other web resource. Use the standard <a> (anchor) tag.