Content deleted Content added
Tag: Reverted |
Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5 |
||
| (3 intermediate revisions by 3 users not shown) | |||
Line 1:
{{Redirect|data:|the [[WP:IW|interwiki]] shortcut to Wikidata|d:}}
{{Short description|Web page in-line data scheme}}
{{Lowercase title}}The '''data URI scheme''' is a [[Uniform resource identifier|uniform resource identifier (URI)]] scheme that provides a way to include data in-line in [[Web page]]s as if they were external resources. It is a form of file literal or [[here document]]. This technique allows normally separate elements such as images and style sheets to be fetched in a single [[Hypertext Transfer Protocol|Hypertext Transfer Protocol (HTTP)]] request, which may be more efficient than multiple HTTP requests,<ref>{{cite web|url=http://blog.teamtreehouse.com/using-data-uris-speed-website|title=Using Data URIs to Speed Up Your Website|date=27 March 2014|publisher=Treehouse Blog}}</ref> and used by several browser extensions to package images as well as other multimedia content in a single HTML file for page saving.<ref>{{cite web|url=https://chrome.google.com/webstore/detail/singlefile/mpiodijhokgodhhofbcjdecpffjipkle|title=SingleFile - Chrome Web Store|website=Chrome Web Store|access-date=25 August 2018}}</ref><ref>{{cite web|url=https://addons.mozilla.org/en-US/firefox/addon/single-file/|title=SingleFile – Add-ons for Firefox|website=Firefox Add-ons|access-date=25 August 2018}}</ref> {{As of|2024}}, data URIs are fully supported by all major browsers.<ref>{{cite web|url=http://caniuse.com/#feat=datauri|title=Can I use...|first=Alexis|last=Deveria|date=July 2015|access-date=31 August 2015}}</ref>
Line 9 ⟶ 10:
* The '''scheme''', <code>data</code>. It is followed by a colon (<code>:</code>).
* An optional '''media type'''. The media type part may include one or more parameters, in the format <code>attribute=value</code>, separated by semicolons (<code>;</code>) . A common media type parameter is <code>charset</code>, specifying the character set of the media type, where the value is from the IANA list of [[character set]] names.<ref>{{cite web|url=https://www.iana.org/assignments/character-sets/character-sets.xhtml|title=Character Sets|editor1-first=Ned|editor1-last=Freed|editor2-first=Martin|editor2-last=Dürst|publisher=[[Internet Assigned Numbers Authority]]|date=20 December 2013|access-date=31 August 2015}}</ref> If one is not specified, the [[media type]] of the data URI is assumed to be <code>text/plain;charset=US-ASCII</code>.
* An optional '''base64 extension''' <code>base64</code>, separated from the preceding part by a semicolon. When present, this indicates that the data content of the URI is [[binary data]], encoded in [[ASCII]] format using the [[Base64]] scheme for [[binary-to-text encoding]]. The base64 extension is distinguished from any media type parameters by virtue of not having a <code>=value</code> component and by coming after any media type parameters. Since Base64 encoded data is approximately 33% larger than original data, it is recommended to use Base64 data URIs only if the server supports [[HTTP compression]] or embedded files are smaller than 1KB.
* The '''data''', separated from the preceding part by a comma (<code>,</code>). The data is a sequence of zero or more [[octet (computing)|octets]] represented as characters. The comma is required in a data URI, even when the data part has zero length. The characters permitted within the data part include ASCII upper and lowercase letters, digits, and many ASCII punctuation and special characters. Note that this may include characters, such as colon, semicolon, and comma which are delimiters in the URI components preceding the data part. Other octets must be [[percent-encoding|percent-encoded]]. If the data is Base64-encoded, then the data part may contain only valid Base64 characters.<ref name="rfc3986">{{cite web|url=http://tools.ietf.org/html/rfc3986|title=Uniform Resource Identifiers (URI): Generic Syntax|author1-first=Tim|author1-last=Berners-Lee|author1-link=Tim Berners-Lee|author2-first=Roy|author2-last=Fielding|author2-link=Roy Fielding|author3-first=Larry|author3-last=Masinter|publisher=[[Internet Engineering Task Force]]|date=January 2005|access-date=31 August 2015}}</ref> Note that Base64-encoded <code>data:</code> URIs use the standard Base64 character set (with '<code>+</code>' and '<code>/</code>' as characters 62 and 63) rather than the so-called "[[Base64#URL_applications|URL-safe Base64]]" character set.
Line 61 ⟶ 62:
===CSS===
A [[Cascading Style Sheets|Cascading Style Sheets (CSS)]] rule that includes a background image:
<syntaxhighlight lang="css">
ul.checklist li.complete {
padding-left: 20px;
background: white url('data:image/png;base64,iVB\
ORw0KGgoAAAANSUhEUgAAABAAAAAQAQMAAAAlPW0iAAAABlBMVEU\
AAAD///+l2Z/dAAAAM0lEQVR4nGP4/5/h/1+G/58ZDrAz3D/McH8\
yw83NDDeNGe4Ug9C9zwz3gVLMDA/A6P9/AFGGFyjOXZtQAAAAAEl\
FTkSuQmCC') no-repeat scroll left top;
}
</syntaxhighlight>
In this example, the <code>\ + <linefeed></code> line terminators
are a feature of CSS, indicating continuation on the next line. These would be removed by the CSS stylesheet processor, and the data URI would be reconstituted without whitespace, making it correct, since whitespace is not allowed within the data component of a data:
URI.
===JavaScript===
Line 98 ⟶ 113:
==Malware and phishing==
The data URI can be utilized to construct attack pages that attempt to obtain usernames and passwords from unsuspecting web users. It can also be used to get around [[cross-site scripting]] (XSS) restrictions, embedding the attack payload fully inside the address bar, and hosted via URL shortening services rather than needing a full website that is controlled by a third party.<ref>Phishing without a webpage – researcher reveals how a link itself can be malicious, Naked Security by Sophos, 31 AUG 2012 https://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-researcher-reveals-how-a-link-itself-can-be-malicious/ {{Webarchive|url=https://web.archive.org/web/20160416153147/https://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-researcher-reveals-how-a-link-itself-can-be-malicious/ |date=2016-04-16 }}</ref> As a result, some browsers now block webpages from navigating to data URIs.<ref>{{cite web|title=Data URLs - HTTP | MDN|url=https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs#Common_problems|website=MDN Web Docs|publisher=Mozilla|access-date=11 May 2018}}</ref>
==References==
| |||