> Also, TIL you can put a meta-redirect inside of a data:text/html URI and it will indeed redirect. That will probably come in handy at some point.

> Also TIL, <script> works just fine in data:text/html URIs, despite me having NotScript installed... Also remembering that one for later.

This seems pretty concerning to me… I would’ve expected the browser to prevent this somehow. Any security experts able to verify?