Web Application Data URI Discovered Over Non-HTTPS Links

The Data URIs are discovered in target Web Application on Non-HTTPS pages. These links are provided in the Results section along with their parent links. If same Data URI is present on multiple parent links, then only one parent link is reported.

1. Bypassing blacklisting based XSS filters. 2. Phishing 3. Some application use firewall proxies to block retrieval of certain media type. Data URI does support dynamic MIME type creation. It will be difficult for those proxies to filter such data uris.

It's recommended to do detail review of the code related to these data URIs.