At a cursory look, maybe, but I'd say there are some pretty fundamental differences between the two.
An itty bitty link isn't self-contained. It does include a base64 string, but that contains some compressed text, which means you'll need a few more tools to actually get the content back if you don't have the site available.
Itty bitty is also just a plain-text editor. No messing around to create HTML.
On the other hand, the URLs it generates don't break the limits of some browser implementations, because it isn't a terrible idea to begin with, like mine.
This truly terrible idea started in a 2 minute thing I put together over here [0].
Terrible ideas are always among the most fun. I ran into a lot of issues trying to put this together, as what JS APIs you can/can't run on a data-uri aren't altogether well documented.
(Modifying location doesn't seem to work, but I didn't see that documented. Modifying the history API doesn't, but that does seem to be documented. These are _very good things_ overall, but aren't really blockers to a bad idea like this one.)
The browser is surprisingly secure about it, which is great. Like opening a data-uri in a new tab doesn't always load/parse it, and often arbitrarily cuts the payload.
Data URIs are dangerous. So, yes. However, your email provider probably strips links to data URIs. I know that Google & Microsoft both do.
Firefox and Chrome also heavily restrict what can run in a Data URI, and that changes whether its embedded in a page, or opened by a link, or opened by pasting into the URL bar. However, they are still, occasionally, the source of CVEs.
A small target: in my browser I only see “data:” … seems like this also exemplifies another potential pitfall with respect to browsers that obscure parts of URLs. For example, it seems bad that I don’t see at least data:text/html;base64… but maybe anything encoded (including images) could lead to a bad outcome?
8 comments
[ 3.1 ms ] story [ 29.2 ms ] threadAn itty bitty link isn't self-contained. It does include a base64 string, but that contains some compressed text, which means you'll need a few more tools to actually get the content back if you don't have the site available.
Itty bitty is also just a plain-text editor. No messing around to create HTML.
On the other hand, the URLs it generates don't break the limits of some browser implementations, because it isn't a terrible idea to begin with, like mine.
Terrible ideas are always among the most fun. I ran into a lot of issues trying to put this together, as what JS APIs you can/can't run on a data-uri aren't altogether well documented.
(Modifying location doesn't seem to work, but I didn't see that documented. Modifying the history API doesn't, but that does seem to be documented. These are _very good things_ overall, but aren't really blockers to a bad idea like this one.)
The browser is surprisingly secure about it, which is great. Like opening a data-uri in a new tab doesn't always load/parse it, and often arbitrarily cuts the payload.
[0] https://news.ycombinator.com/item?id=24753685
Firefox and Chrome also heavily restrict what can run in a Data URI, and that changes whether its embedded in a page, or opened by a link, or opened by pasting into the URL bar. However, they are still, occasionally, the source of CVEs.