Content deleted Content added
Quangthien27 (talk | contribs) m internal link |
Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5 |
||
Line 113:
==Malware and phishing==
The data URI can be utilized to construct attack pages that attempt to obtain usernames and passwords from unsuspecting web users. It can also be used to get around [[cross-site scripting]] (XSS) restrictions, embedding the attack payload fully inside the address bar, and hosted via URL shortening services rather than needing a full website that is controlled by a third party.<ref>Phishing without a webpage – researcher reveals how a link itself can be malicious, Naked Security by Sophos, 31 AUG 2012 https://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-researcher-reveals-how-a-link-itself-can-be-malicious/ {{Webarchive|url=https://web.archive.org/web/20160416153147/https://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-researcher-reveals-how-a-link-itself-can-be-malicious/ |date=2016-04-16 }}</ref> As a result, some browsers now block webpages from navigating to data URIs.<ref>{{cite web|title=Data URLs - HTTP | MDN|url=https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs#Common_problems|website=MDN Web Docs|publisher=Mozilla|access-date=11 May 2018}}</ref>
==References==
| |||