A data URL is a document that is in the same domain as the containing document (unless you put it in a sandbox WITHOUT the allow-same-origin attribute). If you replace that link with a URL on that domain then the same thing would happen:

* if you navigate inside the sandbox, scripts are prevented
* if you open the document in a new tab (Ctrl-click), it is no longer sandboxed and scripts run

The behavior of the data: link is as expected and consistent with how the sandbox works and how data: URLs work in Firefox. What this bug comes down to is "data URL inheritance is an XSS risk", which is a) known and b) something we're measuring to see if we can change. See bug 255107 and particularly bug 1018872.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → INVALID