This is a pretty cool little nugget I picked up from the excellent Security Now podcast and wanted to pass it along. Basically, there is an old and obscure IETF RFC that standardizes a scheme for including data in a URI, and all modern browsers seem to support it. In English, this means that instead of using “http:” and pointing to a web page hosted on a server somewhere, you can use “data:” and include the web page right in the URI itself!
For example, if you click on this link, you’ll see another version of this post, but it’s not hosted anywhere. It’s completely in the URL itself. I made it using DataURL.net, which lets you create “data:”-compatible base64-encoded URIs by simply dragging and dropping a web page, image, or other file.
Now, the reason this was being discussed on Security Now is that some smart black hats out there have been using the scheme to create phishing links. There are, of course, legitimate uses. The most often mentioned is speeding up web page load time by cutting down on HTTP requests. But it seems to me that there have got to be other unique and interesting uses.
One that springs to mind is a simple alternative to TwitPic or Twitter’s hosted photos. That is, share photos without hosting them on someone else’s server (and becoming subject to their terms and conditions). To set up a service like this, one would have to not only offer encoding like DataURL.net, but also link shortening of incredibly long URLs. I’m going to noodle with this idea a little more and maybe see if I’m up to the task. What other uses for “data:” URIs can you think of?
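As an added example (not from the original post or the podcast), here is one way a link scanner could handle the phishing concern mentioned above: parse each “data:” link following RFC 2397, the RFC that defines the scheme, and flag the ones a browser would load as a page or script. The `ACTIVE_TYPES` list, the function names and the sample links are assumptions constructed for this example.

```python
import base64
import binascii
from urllib.parse import unquote_to_bytes

# Media types a browser treats as a page or script (assumed list for this example).
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/javascript", "application/javascript"}

def parse_data_uri(uri):
    """Return (media_type, payload_bytes) for a data: URI, or raise ValueError."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "data":
        raise ValueError("not a data: URI")
    header, comma, data = rest.partition(",")
    if not comma:
        raise ValueError("missing ',' between header and data")
    parts = [p.strip() for p in header.split(";")]
    # ";base64" is only a flag when it follows the (possibly empty) media type.
    is_base64 = len(parts) > 1 and parts[-1].lower() == "base64"
    # RFC 2397: an omitted media type means text/plain.
    media_type = parts[0].lower() or "text/plain"
    raw = unquote_to_bytes(data)
    if is_base64:
        try:
            raw = base64.b64decode(raw, validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError("invalid base64 payload") from exc
    return media_type, raw

def flag_links(links):
    """Return the data: links that would load as active content, with a reason."""
    flagged = []
    for link in links:
        if not link.strip().lower().startswith("data:"):
            continue  # ordinary http(s) links are out of scope here
        try:
            media_type, payload = parse_data_uri(link)
        except ValueError as exc:
            flagged.append((link, f"malformed: {exc}"))
            continue
        if media_type in ACTIVE_TYPES:
            flagged.append((link, f"{media_type}, {len(payload)} bytes"))
    return flagged

# Constructed sample links, not taken from the post.
_PAGE = base64.b64encode(b"<h1>constructed sample page</h1>").decode()
SAMPLE_LINKS = ["https://example.com/", "data:,hello%20world",
                "data:text/html;base64," + _PAGE, "data:image/png;base64,not*base64"]
```

Calling `flag_links(SAMPLE_LINKS)` returns the HTML link and the malformed one, while the plain-text “data:” link and the ordinary HTTPS link pass through.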