
For the last one, instead of actually uploading a file, you can just put data:text/javascript,alert('test') after the hash.



Good idea. I solved that one by using a "protocol relative url" (omitting the http[s] part).


This is why you should never embed user created SVGs in your site.


What if they're in an img tag?


Ah I didn't know you could have it without the base64 encoding.

I did basically the same:

    data:text/javascript;base64,YWxlcnQoInRlc3QiKQ==


These are awesome, thanks.


I did

    data:text/javascript;base64,YWxlcnQoMSk=

I didn't know you could do stuff like this (not for XSS)

    data:text/html,<script>alert(window.location)</script>

Cool, you can store a whole website in a URL now.


> Cool, you can store a whole website in a URL now.

As long as it's shorter than ~2000 characters [0]

[0] http://stackoverflow.com/questions/417142/what-is-the-maximu...


Seems like in Chrome you can go much higher!

Here is an example of 5M

    data:text/html,<script>window.location='data:text/html,<!--'+new Array(5000001).join('a')+'!--><script>document.documentElement.innerHTML=window.location.protocol+\':\'+String(window.location).length;</'+'script>';</script>

I tried 110Mb and it actually worked as well! I'm not sure about the real limit.

You can store MASSIVE amounts of data in these things. It also seems to eventually break the URL display and reverts to about:blank. It still retains protocol integrity though.
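
Added example, not written by any commenter in this thread: the `data:` and protocol-relative values mentioned above both get past a filter that only looks for a leading `http(s)://`, so the sketch below resolves the value the way a browser would and then checks scheme and origin against an allowlist. The prefix filter, `PAGE_URL`, `ALLOWED_ORIGINS` and the `example.com` / `example.net` hosts are assumptions constructed for illustration.

```javascript
// Assumed page location and allowlist (constructed for this example).
const PAGE_URL = 'https://app.example.com/frame#';
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://static.example.com',
]);

// Assumed weak check: accepts anything that does not start with http(s)://.
function naiveFilter(candidate) {
  return !/^https?:\/\//.test(candidate);
}

// Strict check: resolve against the page URL, require https and an
// allowlisted origin. data: URLs have the opaque origin "null" and fail;
// "//host/path" inherits https: from the page but fails the origin test.
function isAllowedScriptUrl(candidate, pageUrl = PAGE_URL) {
  let resolved;
  try {
    resolved = new URL(candidate, pageUrl);
  } catch (e) {
    return false; // unparseable input is rejected
  }
  if (resolved.protocol !== 'https:') return false;
  return ALLOWED_ORIGINS.has(resolved.origin);
}

// Sample inputs: the two data: values are quoted from the thread,
// the hosts in the other entries are constructed.
const SAMPLES = [
  '/static/gadget.js',
  'https://static.example.com/gadget.js',
  "data:text/javascript,alert('test')",
  'data:text/javascript;base64,YWxlcnQoMSk=',
  '//other.example.net/x.js',
];

function classify(samples) {
  return samples.map((input) => ({
    input,
    naive: naiveFilter(input),
    strict: isAllowedScriptUrl(input),
  }));
}

console.table(classify(SAMPLES));
```
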



