
No clipboard access (was Re: Safe copy and paste with scripts)

From: Paul Libbrecht <paul@activemath.org>
Date: Mon, 06 Mar 2006 09:50:51 +0100
Message-ID: <440BF7EB.6060709@activemath.org>
Cc: Web APIs Working Group <public-webapi@w3.org>, robodesign@gmail.com

Can we please state this once and for all: there is no question of 
clipboard access the way MSIE gives it hence there is no security issue 
by "giving access to clipboard" to scripts.

What I, and Maciej, have been proposing is a "passive" clipboard-data 
recipient and provider which is triggered by *standard gestures*.
(using an "onPaste(transferData)" and "onCopy() -> transferData", which 
could, almost right away, also apply to drag-and-drop).

Can we please hear security freaks about the dangers of that and not 
"giving access to clipboard" ???

thanks

paul

PS: I don't think that popping a dialog is reasonably usable!
PPS: requiring trust is always a delicate step and I believe it should 
be avoided. Most users don't differentiate an "authorize site clipboard 
access" from "authorize site to run ActiveX"...


ROBO Design wrote:
>
> On Sun, 05 Mar 2006 14:46:55 +0200, Doug Schepers <doug@schepers.cc> 
> wrote:
>
>> I don't think that the risk of nasty hacks outweighs the utility of
>> clipboard access. No doubt some abuse will occur, but I think that the
>> easiest way of dealing with all nasty JS abuse is to give users an
>> obvious and simple "Disable Script" button that applies to the current
>> tab. That way they can, if necessary, copy text, use the context menu,
>> and all the other things that malicious control-freaks can dish out.
>
> The usefulness of clipboard access is very important, but security is 
> more important.
>
> I'd say the spec must have a requirement for implementors: no matter 
> how, but User Agents must be obliged into asking (at least once per 
> domain, per page, per script, per whatever) for confirmation from the 
> user "do you allow clipboard access from ...?".
>
> Simply allowing access to clipboard data, without confirmation, is by 
> no means acceptable. Doing so has serious privacy implications (think 
> of how many users have passwords, credit card numbers, personal data, 
> or whatever in clipboard).
>
> There's no need for malicious freaks to do something nasty. I can even 
> add to my site right now (if I want) a script to save all clipboard 
> data on my server (for IE users). Nobody would know, unless they'd 
> check my scripts. That's something every script kiddie would do, just 
> for the "fun" of doing it.
>
> Bringing such features to all "web developers" must be done with care, 
> not in haste.
>
>
> -- 
> http://www.robodesign.ro
> ROBO Design - We bring you the future
>
Received on Monday, 6 March 2006 08:51:06 GMT
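
The "passive" model proposed in the message above, sketched as an added example that is not part of the original thread: a toy user agent in which page script can only register `onCopy`/`onPaste` handlers, and clipboard data is readable only while a user gesture is being dispatched. Every name other than `onCopy`, `onPaste` and `transferData` is hypothetical.

```javascript
// Added illustration, not code from the thread or from any browser.
// Toy model of a user agent implementing the "passive" clipboard proposal.
function createUserAgent() {
  let clipboard = "";                          // system clipboard, private to the UA
  const handlers = { onCopy: null, onPaste: null };

  // transferData is readable only while the paste gesture is being dispatched.
  function makeTransferData(text) {
    let live = true;
    const td = {
      getData() {
        if (!live) throw new Error("transferData used outside a paste gesture");
        return text;
      },
    };
    return { td, revoke() { live = false; } };
  }

  return {
    // Everything page script can reach: registration only, no read/write call.
    page: {
      register(name, fn) {
        if (name !== "onCopy" && name !== "onPaste") {
          throw new Error("unknown handler: " + name);
        }
        handlers[name] = fn;
      },
    },
    // Reachable only by browser chrome, in response to real user gestures.
    chrome: {
      externalCopy(text) { clipboard = text; },  // user copied in another app
      pasteGesture() {                            // Ctrl+V or Edit > Paste
        if (!handlers.onPaste) return false;
        const { td, revoke } = makeTransferData(clipboard);
        try { handlers.onPaste(td); } finally { revoke(); }
        return true;
      },
      copyGesture() {                             // Ctrl+C or Edit > Copy
        if (!handlers.onCopy) return false;
        clipboard = String(handlers.onCopy());    // page provides data to copy
        return true;
      },
      peek() { return clipboard; },               // inspection helper for this example
    },
  };
}
```

In this model a script that stashes the `transferData` object and calls `getData()` later gets an error, so what the user copied elsewhere is exposed only at the moment the user chooses to paste into the page.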
