Firefox Will Block Navigational Data URIs as Part of an Anti-Phishing Feature

Catalin Cimpanu, writing for BleepingComputer: Mozilla will soon block the loading of data URIs in the Firefox navigation bar as part of a crackdown on phishing sites that abuse this protocol. The data: URI scheme (RFC 2397) was deployed in 1998 when developers were looking for ways to embed files in other files. What they came up with was the data: URI scheme that allows a developer to load a file represented as an ASCII-encoded octet stream inside another document. Since then, the URI scheme has become very popular with website developers as it allows them to embed text-based (CSS or JS) files or image (PNG, JPEG) files inside HTML documents instead of loading each resource via a separate HTTP request. This practice became hugely popular because search engines started ranking websites based on their page loading speed and the more HTTP requests a website made, the slower it loaded, and the more it affected a site's SERP position.

A Better Headline

[darkain]

A better headline is actually a paragraph header half way through TFA:

"Firefox joins Chrome and Edge in blocking navigational data URIs"

So basically Firefox is simply implementing what is already standard practice otherwise on competing browsers.

Re:Anyway

[LucasBC]

They won't be blocking encoded strings for PNG's or other "safe" assets, only encoded strings in top-level data URI navigation (e.g. the address bar, browser history, etc.) and some restricted uses of embedded content such as HTML and JavaScript.