Revision as of 15:10, 21 August 2023 edit 171.244.10.207 (talk) No edit summary Tag: Reverted ← Previous edit		Revision as of 16:44, 21 August 2023 edit undo Mindmatrix (talk \| contribs) Autopatrolled, Administrators 188,505 edits m Reverted edit by 171.244.10.207 (talk) to last version by Cedar101 Tag: Rollback Next edit →
Line 92: ==Malware and phishing== The data URI can be utilized to construct attack pages that attempt to obtain usernames and passwords from unsuspecting web users. It can also be used to get around [[cross-site scripting]] (XSS) restrictions, embedding the attack payload fully inside the address bar, and hosted via URL shortening services rather than needing a full website that is controlled by a third party.<ref>Phishing without a webpage – researcher reveals how a link itself can be malicious, Naked Security by Sophos, 31 AUG 2012 https://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-researcher-reveals-how-a-link-itself-can-be-malicious/</ref> As a result, some browsers now block webpages from navigating to data URIs.<ref>{{cite web\|title=Data URLs - HTTP \| MDN\|url=https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs#Common_problems\|website=MDN Web Docs\|publisher=Mozilla\|access-date=11 May 2018}}</ref> ~~<ref>{{cite news \|last1=Anton \|first1=Elex \|title=Join TinyLink \|url=https://tinylink.cz \|access-date=16 August 2020}}</ref>~~ ==References== {{reflist}}

Data URI scheme: Difference between revisions