- From: Chris Wilson <Chris.Wilson@microsoft.com>
- Date: Thu, 23 Oct 2008 02:57:56 -0700
- To: Paul Libbrecht <paul@activemath.org>, "public-webapps@w3.org" <public-webapps@w3.org>, Math Working Group WG <member-math@w3.org>
Paul Libbrecht wrote: > Yesterday, discussion with Chris Wilson and Adrian Bateman, of MSIE > team, revealed that allowing arbitrary flavours would be a big > security hole for Windows at least (I believe this is Windows only but > can't confirm yet). I wouldn't call it a security hole as much as I would call it "unbounded attack surface area". :) At any rate, it would be surface area for any OS that allowed arbitrary types on the clipboard; this isn't a Windows implementation issue. > A safer approach may be to require that the browsers make sure the > things sipped into the clipboard/drag-content are only safe things. That's the rub of my feedback, yes. -Chris
Received on Thursday, 23 October 2008 09:58:23 UTC