W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2013

Clipboard API: Stripping script element

From: Ryosuke Niwa <rniwa@apple.com>
Date: Mon, 25 Mar 2013 13:56:57 -0700
Message-id: <F27C10D5-EF26-44D5-A82D-3A5B3487D0B8@apple.com>
Cc: "Hallvord R. M. Steen" <hallvord@opera.com>
To: public-webapps@w3.org
Hi,

The current clipboard API specification mentions security risks of copy & paste but doesn't seem to explicitly mention methods by which user agents deal with such security risks.

In particular, WebKit has been stripping script element from the pasted content but this may have some side effects on CSS rules.]

It would be great to mention what kind of manipulations user agents are allowed to do to make the pasted content secure.

- R. Niwa
Received on Tuesday, 26 March 2013 09:05:40 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:58 GMT