W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: ISSUE-85 (clipops security practice): What are common sucrity practices for Clipboard APIs? [Clipboard Operations]

From: Paul Libbrecht <paul@activemath.org>
Date: Tue, 10 Mar 2009 15:32:32 +0100
Message-Id: <24D4BEAC-6A22-4024-9883-514FA839AA1D@activemath.org>
To: Web Applications Working Group WG <public-webapps@w3.org>
A few ideas:

- one of the dangers is that flavours may be damageable... so the  
general practice would be that, unless we're in a de-sandboxed region  
(anything else than file://?) all flavours should be sanitized (e.g.  
no scripting, no relative reference, no embedding, except for pack- 
embedded data, no remote calls)

- another danger is that the clipboard should not be read without the  
user knowing, I would recommend, as Safari does, to only allow the  
standard gestures within the user-agent to be triggering clipboard  
operations which in turn, offer access to the clipboard.

To my knowledge, this is enough for a model that can be trusted to the  
users.

I am not very comfortable with the suggestions of trust-level that  
João Eiras suggests (having played with them in MSIE always prompts  
the unknowledgeable user to boost things a bit more in case something  
doesn't work which I find a catastrophic attitude) although I fully  
agree that we are here talking of either the central user clipboard  
and or the content of a drag-and-drop feature (i.e. we are talking of  
acting with external applications as well).

paul




Le 09-mars-09 à 02:36, Web Applications Working Group Issue Tracker a  
écrit :
> ISSUE-85 (clipops security practice): What are common sucrity  
> practices for Clipboard APIs? [Clipboard Operations]
>
> http://www.w3.org/2008/webapps/track/issues/85
>
> Raised by: Charles McCathieNevile
> On product: Clipboard Operations
>
> What are the common security restrictions and considerations that  
> should be listed in the clipboard apis spec?



Received on Tuesday, 10 March 2009 14:33:26 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT