W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: risks of custom clipboard types

From: Daniel Cheng <dcheng@chromium.org>
Date: Tue, 17 May 2011 10:14:50 -0700
Message-ID: <BANLkTikw7GfHuuxz0jFuWdK302BFN+hYAw@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Paul Libbrecht <paul@hoplahup.net>, public-webapps@w3.org
On Tue, May 17, 2011 at 09:27, Paul Libbrecht <paul@activemath.org> wrote:

> On my mac, as far as I know, this can only happen if I copied the the file
> explicitly (as a file, not as a content). Pasting in some web-page means I
> want to transmit the information of the clipboard to the page.
>
> paul
>
>
I actually did implement reading arbitrary types from the clipboard/drop at
one point on Linux just to see how it'd work. When I copied a file in
Nautilus, the full path to the file was available in several different
flavors from the clipboard X selection. In order to prevent attacks of this
sort, we'd have to determine the full set of types that file managers and
other programs could potentially populate with file paths and then
explicitly try to clean them of file paths. It's much easier to just go the
other direction with a whitelist.

On Tue, May 17, 2011 at 09:55, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 5/17/11 12:50 PM, Paul Libbrecht wrote:
>
>> So you (Mozilla) would not accept to include URL-list as acceptable flavor
>> to be read from the clipboard at paste time if that URL-list contains file
>> URLs. Correct?
>>
>
> I believe this is correct, yes.
>
> -Boris
>
>
Chromium and WebKit try to prevent this as well, though we currently have a
few cases we still need to fix. File paths aren't necessarily exploitable,
but they are a privacy violation.

Daniel
Received on Tuesday, 17 May 2011 17:15:20 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT