I've been reading about Data URIs which has the following example of a valid data URI:
data:text/html,<script>alert('hi');</script>
However reading through RFC 2397 I have found the following:
dataurl := "data:" [ mediatype ] [ ";base64" ] "," data
mediatype := [ type "/" subtype ] *( ";" parameter )
data := *urlchar
parameter := attribute "=" value
where "urlchar" is imported from RFC2396
From what I understood is that urlchar should be what is in Section 2.4.3 of RFC2396, where it notes the list of US-ASCII characters that have been excluded and specifically says:
The angle-bracket "<" and ">" and double-quote (") characters are excluded because they are often used as the delimiters around URI in text documents and protocol fields.
So my question is, are angle brackets allowed in Data URLs? Am I misinterpreting the RFC or is the example at MDN wrong?
The example is indeed wrong (in that the Data URI is invalid, although it might "work").