data-uri in URI

When I ran the YSlow report this page was using the snippet below, but for obvious reasons I had to change this šŸ™‚

It still uses document.write(), but it passes the whole data-uri. Using the query string (query componentĀ of aĀ URI) would require some serious sanitization.

<script>
    document.write('<style>.box {background:url(+top.location.search.substring(1)+);}</style>');
</script>

Yahoo! Search (sprite)