Re: [w3c/clipboard-apis] Support for reading custom MIME types from the clipboard (#46) from Ryosuke Niwa on 2017-10-23 (public-webapps-github@w3.org from October 2017)

From: Ryosuke Niwa <notifications@github.com>
Date: Mon, 23 Oct 2017 23:07:06 +0000 (UTC)
To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/clipboard-apis/issues/46/338822272@github.com>

We're going to change WebKit's behavior in STP42 to match more or less what Firefox & Chrome are doing. There are two issues with exposing custom types and letting websites write arbitrary custom types.

 1. Other applications in the system tends to place privacy sensitive information such as the location of the device & user's full name and local file paths into the system clipboard. This means that letting websites read data of an arbitrary type is a privacy concern.
 2. Other applications in the system are not equipped to deal with potentially harmful content being placed into the system clipboard. e.g. image decoders of a photo editing app isn't designed to defend itself against from decoding a malicious content in the system clipboard.  This means that letting websites write data of an arbitrary type is a security concern.



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/46#issuecomment-338822272

Received on Monday, 23 October 2017 23:07:31 UTC