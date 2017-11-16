Firefox Will Block Navigational Data URIs as Part of an Anti-Phishing Feature (bleepingcomputer.com) 9
Catalin Cimpanu, writing for BleepingComputer: Mozilla will soon block the loading of data URIs in the Firefox navigation bar as part of a crackdown on phishing sites that abuse this protocol. The data: URI scheme (RFC 2397) was deployed in 1998 when developers were looking for ways to embed files in other files. What they came up with was the data: URI scheme that allows a developer to load a file represented as an ASCII-encoded octet stream inside another document. Since then, the URI scheme has become very popular with website developers as it allows them to embed text-based (CSS or JS) files or image (PNG, JPEG) files inside HTML documents instead of loading each resource via a separate HTTP request. This practice became hugely popular because search engines started ranking websites based on their page loading speed and the more HTTP requests a website made, the slower it loaded, and the more it affected a site's SERP position.
Why do they always need to re-invent the wheel? Why can't they use RFC 3514 like everybody else?
So...they are blocking embedded files now?
Web sites like CNN are excruciatingly slow because they are selling your ad space off in real time to a dozen different agencies.
I think they are blocking data URIs in the URL?
That's what I understand when I read "block navigational data URIs".
I don't see how embedding a base64-encoded string of a PNG image inside a CSS file could be used for phishing.
I believe slashdot uses that to embed ads so they can't be blocked. If you view page source on the main slashdot page you'll see what I mean. Of course I could be misunderstanding what Mozilla is saying and/or what slashdot is doing.