W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

From: Daniel Cheng <dcheng@chromium.org>
Date: Wed, 18 May 2011 11:12:41 -0700
Message-ID: <BANLkTik8VKxxpvcPp+ML7BqwV4dM8gd65Q@mail.gmail.com>
To: "Hallvord R. M. Steen" <hallvord@opera.com>
Cc: public-webapps@w3.org
On Wed, May 18, 2011 at 02:16, Hallvord R. M. Steen <hallvord@opera.com>wrote:

> What do you think about the current spec text? I've moved the section
> http://dev.w3.org/2006/webapi/clipops/clipops.html#processing-model-for-pasting-html-datato where we prepare the paste event, because integrating this into the HTML5
> DataTransfer stuff becomes much easier this way. (Previously I spec'ed it so
> that this work would happen on a script calling getData('text/html') but
> that would require some hacking around with the getData() definition in
> HTML5.) This means we read and process the HTML part from the clipboard
> before firing paste, but any binary/embedded data will only be read "on
> demand".
>
>
> --
> Hallvord R. M. Steen, Core Tester, Opera Software
> http://www.opera.com http://my.opera.com/hallvors/
>

Shouldn't we have similar concerns about the text/html content of a drop?

Daniel
Received on Wednesday, 18 May 2011 18:13:07 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT