It is often necessary to evaluate whether a URL is secure in order to only enable certain features when minimum standards of authentication and confidentiality are met. For that purpose, web standards rely on the definition of "potentially trustworthy URL", which includes URLs with the "data" scheme in the latest version of the Secure Contexts specification. Blink already treats data: URLs as potentially trustworthy in some cases. The goal is to generalize this to all cases.

Motivation

- Ensure consistent behavior of "data:" URLs for security purpose within Blink. - Improve web compat by following the standard.

Documentation

• https://github.com/w3c/webappsec-secure-contexts/issues/69
• https://chromium-review.googlesource.com/c/chromium/src/+/2563683

Specification

Specification link

Status: Specification being incubated in a Community Group

Status in Chromium

Blink components: Blink>Network

Implementation status: No active development (tracking bug)

Consensus & Standardization

• Firefox: Positive
• Safari: No signal
• Web Developers: No signals

Owner

• fwang@chromium.org

Last updated on 2020-11-30