https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs#security_issues

A number of security issues (for example, phishing) have been associated with data URLs, and navigating to them in the browser's top level. To mitigate such issues, top-level navigation to data:// URLs is blocked in all modern browsers. See this blog post from the Mozilla Security Team for more details.

data:// url에서의 origin은 null로 설정됩니다. 그래서 same origin policy에 의해서 최상위 프레임 탐색이 차단됩니다