Remove: Content initiated top frame navigations to data URLs (deprecated)

We intend to block web pages from loading data: URLs in the top frame using <A> tags, window.open, window.location and similar mechanisms. Pseudo URLs such as data: are generally a source of confusion for users. Because of their unfamiliarity, these schemes are widely being used in spoofing and phishing attacks. Users browsing the web ideally should only ever end up on the two well known schemes (http and https). Deprecated in M58 Removal in M60

Documentation

Status in Chromium

Deprecated (launch bug) in:

  • Chrome for desktop release 58

Consensus & Standardization

  • No public signals
  • Shipped
  • No public signals
  • No signals

Owners

Last updated on 2017-04-25