> On Feb 17, 2021, at 6:19 AM, Louis Brauer <louis at brauer.family> wrote: > > Am Mi, 17. Feb 2021, um 14:58, schrieb Petite Abeille: >>>> C: gemini://example.org >>>> S: 30 gemini://example.org/trackerid >>>> C: gemini://example.org/trackerid >>>> S: 20 text/tracked >>> >> The above was to illustrate the use of redirects to uniquely tag URLs, >> without any use consent. >> >> Nothing to do with data: URI. >> >> Even though a data URI could contains resources which could trigger >> network activities. > > Hm, I'm not a security or browser developer but do you have an example of a "data URI" that would trigger network activities in Gemini? I thought that Gemini spec was designed in a way to prevent that from happening. SVG images would work nicely in data: URIs. They can have JavaScript in them. If I were making a graphical Gemini browser, I?d just decode the base64 text and then hand the entire blob off to some SVG library, which, for all I know, might run the JavaScript. Or it might not. I don?t remember seeing any SVG-decoding libraries that depended on Node.
---
Previous in thread (9 of 15): 🗣️ Petite Abeille (petite.abeille (a) gmail.com)
Next in thread (11 of 15): 🗣️ Louis Brauer (louis (a) brauer.family)