
Re: risks of custom clipboard types

From: Paul Libbrecht <paul@hoplahup.net>
Date: Tue, 17 May 2011 20:08:15 +0200
Cc: Daniel Cheng <dcheng@chromium.org>, Boris Zbarsky <bzbarsky@mit.edu>, public-webapps@w3.org
Message-Id: <2B3B0792-5A94-4C74-B951-67D8C48F17E1@hoplahup.net>
To: Ryosuke Niwa <rniwa@webkit.org>

On 17 May 2011, at 20:05, Ryosuke Niwa wrote:

> So file-flavour is something special that should be always filtered??
> (in DnD or in CnP), which should be warned against in the spec?
> 
> Ryosuke, can you confirm this is the only risk you were talking about?
> 
> No.  There are some applications that embed sensitive information such as local file path and user name inside a content put into clipboard without notifying the user.  As far as I'm concerned, giving websites access to such information is not acceptable.
> 

Please be more precise with "some applications".

There could be some applications that put the email of the user (or the sender of the mail being read) in the plain text variant without the user knowing!

paul
Received on Tuesday, 17 May 2011 18:08:48 GMT
