Remove: Content initiated top frame navigations to data URLs (removed)

We intend to block web pages from loading data: URLs in the top frame using <A> tags, window.open, window.location and similar mechanisms. Pseudo URLs such as data: are generally a source of confusion for users. Because of their unfamiliarity, these schemes are widely being used in spoofing and phishing attacks. Users browsing the web ideally should only ever end up on the two well known schemes (http and https). Deprecated in M58 Removal in M60

Documentation

Status in Chromium

Blink


Removed (tracking bug) in:

  • Chrome for desktop release 60
  • Chrome for Android release 60
  • Opera release 47
  • Opera for Android release 47

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No public signals
  • Shipped
  • No public signals
  • No signals

Owners

Last updated on 2018-01-18