mshtml: Treat "data:" as Gecko special URI scheme

Jacek Caban jacek at
Thu Oct 8 05:18:56 CDT 2015

On 10/08/15 00:13, Joachim Priesner wrote:
> Am Mittwoch, 07. Oktober 2015 schrieb Michael Stefaniuc:
>> part of the review system is already in place:
>> Check the MAINTAINERS file if the DLL in question has a maintainer. If
>> yes than it is his responsibility to review the patch.
> That is great news (which I somehow missed), thanks.
> Alex' question touched an interesting point. states that "Data URIs cannot be used for navigation, for scripting, or to populate frame or iframe elements."
> So pasting data URIs in the address bar should actually not work at all (which I confirmed with IE11), on the other hand things like <iframe src="data:,A%20brief%20note"></iframe> also should not work, which they currently do with this patch because Gecko allows it.
> Should I try to update this patch to exclude frame/iframe elements, or is this not considered a problem because we can assume Gecko handles such things in a secure manner?

I don't think there is security concern here, so unless we find a real
problem, it's fine as it is.


More information about the wine-devel mailing list