Why does a site without AJAX work over HTTP but not with the Data URI scheme?

Question

Take p01's MATRAKA.

I base64'ing the content served at the URI linked, and put it in a data URI:

data:text/html;base64,iVBORw0KGgoAAAANSUhEUgAABPkAAAABCAAAAACJPCS6AAADIElEQVR4Xm1UYW+qSBR9P6XJRpmBYZgBRIU3TbDdvm02Jlttt1uNL0EZC3kKZhhRW/vfd0Zst0nXD8O595x74N4Lfhuy6YgNE5lhkRRpuUZ3TbQoK7TAlTysOF5U1T3fS2ZsyiqXeVmEy3zP00iWm5BEK76U6rLLU5mFlJBWlPH8OZMNnieLX8+i3BZp+BshxECcGWkikzDZpnnp7JJaSSoe+Ojh1+rHKL+L43jwz93fk5vJmpLbQax/6vw93t2QOB4O0iZ+jic/bsiTkhuzaFkKIJnbCUgkbTuCw6mcsVcZSrQNZcvvOV2sblCH0vGCAHfRPqRuzx4BaKoadAgD/yN4+Uy9nZ2VrWV97/FOBLnF5rJMwBgY1KOkS4lHvU6XqMB3iW9Mgby8pKRNO9A6Qa/tw5kp2/0AaVfqdk1wmvCm3AHpUN8nak4U0QA6vvXBUPsTF/gQosa3+7NzPJ6NIIwmrOC7i1jPEnAV4s0qOYCKy9tCclEnK7DcFgu9s4s5qNEOvuZLUEPB5VYUFzv8aNf4MRriqhQSzGGUsQVu1sfI0SPEzIuCiz9OGeeEH/Weoyt2BwSb4MVWCF7I+3zNHRdGY522ezBKsChlIjkAok096KgJYwqjARNOP4rZR5uDprsoZVNqx4igeDYlx4FltTy11v9L8q/Jry/Aa830OxDpZvHjJYEJXuar1YgvJKAdops2a/yA9FUpDs3c18ke0MBULUCkVcL0XQitzHFPwu75bLzG+tNgRlatgGFNhUm7tjbSq/F7SPmcIbSMltFUWp5re67yr/HWdNWYTrA2PQVnSgYN2Dyx/O56xIdPrB/YHjGVBl0zz7V677UflVA57xl4122hmVrXJlCsxtxqQKN2Trdc6pIX9vRJqNPcOsOv4gO7VuInJbl+5xQTqZYYdXsOUHbmlWp+b46tfgAV8cB0dGVpZvzWzEv/g4Cp8RehF/4wvjeQoc5R/GdszKaDNp3hajuvpAAJTkWyu10nzxwsEEHCzFoZ8lyUOT0TeFasehpYMYT/cYR8IaHievZp+kejqXbhG5rgVVluWB/Cb/8C9spiFDxjYW52YXMgaWQ9Yz48aW1nIHNyYz0jIG9ubG9hZD1mb3IoYT1jLmdldENvbnRleHQoJzJkJyksaT1lPScnLFM9U3RyaW5nLmZyb21DaGFyQ29kZTthLmRyYXdJbWFnZSh0aGlzLGktLSwwKSx0PWEuZ2V0SW1hZ2VEYXRhKDAsMCwxLDEpLmRhdGFbMF07KWUrPVModCk7KDEsZXZhbCkoZSk+

The Content-Type fits, it's the same as they use to serve it over HTTP. But nothing happens in Chrome when navigating to the URI. Not even a web console error message is shown. It works in Firefox.

Why does it work in Chrome over HTTP but not using the Data URI scheme?

Answer 1

Some of the browsers only support data URIs for specific types of files for security reasons. IE specifically only supports it for 'downloaded resources'.

From MSDN: For security reasons, data URIs are restricted to downloaded resources. Data URIs cannot be used for navigation, for scripting, or to populate frame or iframe elements.

Here is a paper specifically on how data URIs can be used for phishing and some of the restrictions browsers have.

Answer 2

That's basically because the source HTML does not contain any <html> and <body> tags. If you put them and re-encode the whole, you'll get a better result.