RE: further with transfers (Re: Clipboard actions BOF table at W3C TPAC)

From: Chris Wilson <Chris.Wilson@microsoft.com>
Date: Thu, 23 Oct 2008 02:57:56 -0700
To: Paul Libbrecht <paul@activemath.org>, "public-webapps@w3.org" <public-webapps@w3.org>, Math Working Group WG <member-math@w3.org>
Message-ID: <D12127075745E648BBC075EF46983E171D12A200B7@TK5-EXMBX-W603v.wingroup.windeploy.ntdev.microsoft.com>

Paul Libbrecht wrote:
> Yesterday, discussion with Chris Wilson and Adrian Bateman, of MSIE
> team, revealed that allowing arbitrary flavours would be a big
> security hole for Windows at least (I believe this is Windows only but
> can't confirm yet).

I wouldn't call it a security hole as much as I would call it "unbounded attack surface area".  :)  At any rate, it would be surface area for any OS that allowed arbitrary types on the clipboard; this isn't a Windows implementation issue.

> A safer approach may be to require that the browsers make sure the
> things sipped into the clipboard/drag-content are only safe things.

That's the rub of my feedback, yes.

-Chris
Received on Thursday, 23 October 2008 09:58:23 GMT
