W3C home > Mailing lists > Public > public-webapi@w3.org > March 2006

Re: Safe copy and paste with scripts

From: Paul Libbrecht <paul@activemath.org>
Date: Wed, 01 Mar 2006 22:33:19 +0100
Message-ID: <4406131F.4090100@activemath.org>
To: Jim Ley <jim@jibbering.com>
Cc: Web APIs WG <public-webapi@w3.org>

Jim Ley wrote:
> The bigger problem is not cancelling it's changing - so you go to copy 
> a url into an email message, and a different link ends up on the 
> clipboard.
That can only be avoided by using explicit actions such as "copy text" 
which would avoid the possibly good value the element would make as copy.
> Or if you simply happen to be on a page and the browser can look at 
> what is in your clipboard, even if it's your untrusted data, yet 
> allowing access to the content when you do want to give your clipboard 
> contents.
Well, the solution of an onCopy and onPaste handlers avoids this hole, a 
recognized hole in IE, I believe:
the idea is that they are triggered by external gestures (menu-items, 
keys...) which makes the browser call the onCopy and writes *itself* to 
the clipboard, or call the onPaste only when it feels the gesture and 
passes the clipboard along (the user should expect the clipboard to be 
read then, or??).

paul
Received on Wednesday, 1 March 2006 21:33:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:53 GMT