8 comments

[ 3.1 ms ] story [ 29.2 ms ] thread
At a cursory look, maybe, but I'd say there are some pretty fundamental differences between the two.

An itty bitty link isn't self-contained. It does include a base64 string, but that contains some compressed text, which means you'll need a few more tools to actually get the content back if you don't have the site available.

Itty bitty is also just a plain-text editor. No messing around to create HTML.

On the other hand, the URLs it generates don't break the limits of some browser implementations, because it isn't a terrible idea to begin with, like mine.

This truly terrible idea started in a 2 minute thing I put together over here [0].

Terrible ideas are always among the most fun. I ran into a lot of issues trying to put this together, as what JS APIs you can/can't run on a data-uri aren't altogether well documented.

(Modifying location doesn't seem to work, but I didn't see that documented. Modifying the history API doesn't, but that does seem to be documented. These are _very good things_ overall, but aren't really blockers to a bad idea like this one.)

The browser is surprisingly secure about it, which is great. Like opening a data-uri in a new tab doesn't always load/parse it, and often arbitrarily cuts the payload.

[0] https://news.ycombinator.com/item?id=24753685

On the github page "Oh no! A hit a bug!" - Should that be "I hit a bug!"?
Could this also be used for evil? To deliver malware or other similar dangerous link that could be delivered in an email etc?
Data URIs are dangerous. So, yes. However, your email provider probably strips links to data URIs. I know that Google & Microsoft both do.

Firefox and Chrome also heavily restrict what can run in a Data URI, and that changes whether its embedded in a page, or opened by a link, or opened by pasting into the URL bar. However, they are still, occasionally, the source of CVEs.

A small target: in my browser I only see “data:” … seems like this also exemplifies another potential pitfall with respect to browsers that obscure parts of URLs. For example, it seems bad that I don’t see at least data:text/html;base64… but maybe anything encoded (including images) could lead to a bad outcome?
now my browser says my configuration is administrated by my organization, thanks dude u.u