Sunday, October 31, 2010

Uri Scheme

In this post i will cover one of the coolest features that modern browser support nowadays which is URI schemes. There is a lot of schemes out there, browser custom schemes (about:something), protocol schemes (, and of course data schemes.

In this post i only will talk about data schemes.

Data schemes are organized like this:

data:{type of the data};{encode},{data}

In the type of data you can various types of data such as:
application/javascript (text/javascript was depreced)

This types are defined in internet media types.

It's time to make some magic.
Put this in your browser:

You should se a image now!
Ok this is the thing, simple fact that you can store data in only a web page.

Now, the question is how we can make this feature useful for us?! Javascript/Html injections!

So let's test something, put this on your browser:



Now let's make this even more fun! Let's encode javascript to make this less

Javascript Encoded + base64

This things can be done all content-types available, so be creative.

Hope you have learn something!.

These sites could be useful for you for further research:

Base64 online encoder - /
XSS - /
Internet media types - /
Data URI Scheme - /
URI Scheme - /

No comments: