{"id":26665520,"url":"https://github.com/elsehow/block-data-uri-attack","last_synced_at":"2026-02-09T15:01:34.085Z","repository":{"id":76067048,"uuid":"79747643","full_name":"elsehow/Block-data-uri-attack","owner":"elsehow","description":"Chrome extension prevents against phishing scheme in which attackers link to a data url to inject malicious code","archived":false,"fork":false,"pushed_at":"2017-01-23T01:47:06.000Z","size":443,"stargazers_count":4,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-26T19:42:24.665Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elsehow.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-01-22T21:40:10.000Z","updated_at":"2017-01-23T01:34:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"d425bcac-5371-4a15-9191-0c12b97ff082","html_url":"https://github.com/elsehow/Block-data-uri-attack","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/elsehow/Block-data-uri-attack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elsehow%2FBlock-data-uri-attack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elsehow%2FBlock-data-uri-attack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elsehow%2FBlock-data-uri-attack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elsehow%2FBloc
k-data-uri-attack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elsehow","download_url":"https://codeload.github.com/elsehow/Block-data-uri-attack/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elsehow%2FBlock-data-uri-attack/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29270145,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-09T13:47:44.167Z","status":"ssl_error","status_checked_at":"2026-02-09T13:47:43.721Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-25T17:37:24.743Z","updated_at":"2026-02-09T15:01:34.052Z","avatar_url":"https://github.com/elsehow.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"* Block data URI attack\n\nLately, [[https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/][an exploit has been floating around]] that relies on data urls to deliver malicious (phishing) sites.\nBriefly, clicking what appears to be a gmail attachment delivers the user to a data url, from which a phishing site is loaded.\nTo counter this attack, users would need to pay careful attention to their address bar.\n\nThis plugin addresses this exploit by searching the page for all urls with =data:= URIs and replacing them with links to an informative URL.\n\n** 
Installing\n\nI will submit this plugin to Google. But, the approval process may take a while. To install in the meantime:\n\n- Download [[https://github.com/elsehow/Block-data-uri-attack/raw/master/chrome-ext.zip][the extension.zip]] and unzip.\n- Navigate to chrome://extensions\n- Drag the unzipped =chrome-ext= folder into your browser window.\n- Check Enabled.\n\n** Limitations\n\nIdeally, we would just block the user from visiting any data: url. Unfortunately, Chrome extensions' webRequest API won't allow us to do this:\n\n\n#+BEGIN_QUOTE\nThe webRequest API only exposes requests that the extension has permission to see, given its host permissions. Moreover, only the following schemes are accessible: http://, https://, ftp://, file://, or chrome-extension://.\n#+END_QUOTE\n\n[[https://developer.chrome.com/extensions/webRequest#event-onBeforeRequest][via]].\n\nChrome should really fix this. \n\nIn the meantime, we take a much grosser approach: We scan the page for all links (=a=) with an =href= pointing to a url starting with =data:=. We then replace these =href=s with a link to some information about this attack.\n\nSince attackers could change the page, we repeat this search-and-replace on an interval.\n\n** Notes\n\nWhile 2-factor authentication is not a panacea, you should definitely enable it; it makes phishing schemes like this one far less likely to succeed.\n\nAlso, you should check the lock in your address bar, to make sure the certificate is really signed to the organization you think you're authenticating with.\n\n** License\n\nBSD\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felsehow%2Fblock-data-uri-attack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felsehow%2Fblock-data-uri-attack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felsehow%2Fblock-data-uri-attack/lists"}