W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: risks of custom clipboard types

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 17 May 2011 12:39:07 -0400
Message-ID: <4DD2A4AB.9080400@mit.edu>
To: public-webapps@w3.org
On 5/17/11 12:27 PM, Paul Libbrecht wrote:
> On my mac, as far as I know, this can only happen if I copied the the
> file explicitly (as a file, not as a content). Pasting in some web-page
> means I want to transmit the information of the clipboard to the page.

You want to transmit the file contents.  You don't want to transmit the 
location of the file on your disk.  Certainly most users don't.

To be clear, we (Mozilla) would consider this an unacceptable privacy 
breach.  This is why we (and other browsers) don't send the full path 
for file inputs too... this case is no different.

-Boris
Received on Tuesday, 17 May 2011 16:39:35 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT