I was wondering if anyone knew what the deal was with uMatrix and Data: URI scripts? I recently read this old post on the InformAction forum: uMatrix alone doesn't provide surrogates (or similar), or protocol-specific whitelisting (ie HTTPS only), nor can it block scripts in some special cases like data: URIs, and it will miss some special attacks like tabnapping. I also confirmed that when all scripts were blocked in uMatrix the PoC script on the following site still ran: http://evil.hackademix.net/hsb/ Is this something that can be blocked with settings in uMatrix or uBlock? I recently made the switch from NoScript/RequestPolicy/ABP to uBlockOrigin/uMatrix along side a few other minor addons. As a long time NoScript/RP user I'm enjoying the change, seems much easier to control websites and see quickly what needs to be unblocked. I'm just not sure what to think about the above.
