Writeups

Top-level navigations to data: are not normally allowed. https://blog.mozilla.org/security/2017/11/27/blocking-top-level-navigations-data-urls-firefox-59/
This navigation inherits from the opener as shown for the origin in the protocol confirmation dialog and also leaks the victims CSP.

self.addEventListener('fetch', function (event) {
  event.respondWith(
    Response.redirect('data:text/html,<script>prompt("Test")</script>')
  );
});

This issue was fixed in https://issues.chromium.org/379337758

Improve this page Default Random Basic Light Cyberpunk Code Matrix Blueprint Redacted Glitch Old Terminal Gradient Comic Base64 Emoji Minecraft Flip 🦆 Rainbow text Typoifier Summarizer AI Audio Spoof Oceanic Depths Retro Gamification NoScript