Visual Cryptography Kit

<p><pre><code> data:text&#x2F;html, &lt;style&gt;img { opacity: 0.5; position: fixed; left: 0; top: 0 }&lt;&#x2F;style&gt; &lt;body&gt;&lt;img src=&quot;https:&#x2F;&#x2F;www.cl.cam.ac.uk&#x2F;~fms27&#x2F;vck&#x2F;share1.gif&quot;&gt; &lt;img src=&quot;https:&#x2F;&#x2F;www.cl.cam.ac.uk&#x2F;~fms27&#x2F;vck&#x2F;share2.gif&quot;&gt; </code></pre> Of course, I did this via the domtools^Wdevtools before experimentally trying the above, which happily works as well.<p>I <i>think</i> the reason the images loaded was because I was on a data: URI? Or am I misinterpreting CORS?

Result: <a href="http:&#x2F;&#x2F;imgur.com&#x2F;DpcqpMs" rel="nofollow">http:&#x2F;&#x2F;imgur.com&#x2F;DpcqpMs</a>

isn&#x27;t this somewhat easy-to-decrypt than OTP? this isn&#x27;t using some XORs, but &#x27;OR&#x27; operations.