cookie on a data uri page

Asked Jul 05 '12 at 10:10

Active Jul 05 '12 at 17:54

Viewed 664 times

My previous question about the same subject has given me 8 negative votes. I hope now to be clearer. If you run

document.cookie ='ppkcookie1=testcookie;';alert(document.cookie);

on any web page the content of the cookie appears in the message box. if you run the code above inside a very simple data-uri page (you could copy and paste the following string on the address bar in FF or Chrome, since IE does not support it)

 data:text/html;charset=utf-8,<h1>hi people</h1><script>document.cookie='ppkcookie1=testcookie;';alert(document.cookie);</script>

the message box is empty

Does this mean that cookies cannot be used on data-uri pages or there is some errors in my piece of code?

edited May 23 '17 at 11:59

Community

asked Jul 05 '12 at 10:10

tic

4,009
15
45
86

If I paste this into the address bar in chrome - preceded by `javascript: ` - it alerts just fine. `javascript: document.cookie ='ppkcookie1=testcookie;';alert(document.cookie);`. What are you expecting and what are you seeing? – hookedonwinter Jul 05 '12 at 13:11
2

Paste the following string, which complies data uri scheme: `data:text/html,
hi people
` – tic Jul 05 '12 at 13:49
Chrome result: "Uncaught Error: SECURITY_ERR: DOM Exception 18". – Rob W Jul 05 '12 at 18:01
possible duplicate of [Are data URIs on s XSS exploitable?](http://stackoverflow.com/questions/11228771/are-data-uris-on-imgs-xss-exploitable) – Paul Sweatte Jan 28 '14 at 19:16

cookie on a data uri page

hi people

0 Answers0