W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

From: Hallvord R. M. Steen <hallvord@opera.com>
Date: Tue, 17 May 2011 13:15:05 +0900
To: "Daniel Cheng" <dcheng@chromium.org>
Cc: public-webapps@w3.org
Message-ID: <op.vvlx3fafa3v5gv@hr-opera.oslo.opera.com>

>> IMO getData() should be 'live' - i.e. return what's on the clipboard.

> I think having it return live data could result in potential security
> issues. Couldn't a script loop inside the paste event to keep sniffing  
> out live data?

What should we do about this? Should the spec mandate a timeout or a limit  
on how many times a script may call getData() for the same event?

-- 
Hallvord R. M. Steen, Core Tester, Opera Software
http://www.opera.com http://my.opera.com/hallvors/
Received on Tuesday, 17 May 2011 04:15:46 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT