W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: risks of custom clipboard types

From: Paul Libbrecht <paul@hoplahup.net>
Date: Tue, 17 May 2011 19:48:02 +0200
Cc: Boris Zbarsky <bzbarsky@mit.edu>, public-webapps@w3.org
Message-Id: <6387876D-5FB7-4670-BA59-39F077694A01@hoplahup.net>
To: Daniel Cheng <dcheng@chromium.org>

Le 17 mai 2011 à 19:31, Daniel Cheng a écrit :

> On Tue, May 17, 2011 at 10:18, Paul Libbrecht <paul@hoplahup.net> wrote:
> 
> Le 17 mai 2011 à 19:14, Daniel Cheng a écrit :
> 
>> I actually did implement reading arbitrary types from the clipboard/drop at one point on Linux just to see how it'd work. When I copied a file in Nautilus, the full path to the file was available in several different flavors from the clipboard X selection. In order to prevent attacks of this sort, we'd have to determine the full set of types that file managers and other programs could potentially populate with file paths and then explicitly try to clean them of file paths. It's much easier to just go the other direction with a whitelist.
> 
> This was certainly at least copied in plain-text as well, or?
> The risk is here today then already, correct? (even with traditional forms and a quick onchange that makes it invisible).
> 
> It is not because Chromium specifically clears the plain text type if it detects a file drag.

So file-flavour is something special that should be always filtered??
(in DnD or in CnP), which should be warned against in the spec?

Ryosuke, can you confirm this is the only risk you were talking about?

paul
Received on Tuesday, 17 May 2011 17:48:33 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT