
Re: Copy to Clipboard - ambush and abuse by javascript

From: Paul Libbrecht <paul@activemath.org>
Date: Thu, 3 Jun 2010 17:16:35 +0200
Cc: Tim Berners-Lee <timbl@w3.org>, TAG List <www-tag@w3.org>
Message-Id: <0536CFB5-F31D-4F45-B63E-4A7B3FDC119F@activemath.org>
To: Robin Berjon <robin@berjon.com>

I mostly agree with Robin's mail and that workshop sounds exciting!
One comment though:

> If we were to specify some form of "private copy" operation (as  
> Jonas, relayed by Paul, describes here) it would block hijacking  
> the copy operation, but it wouldn't block detecting text selection.  
> Analytics information could then be deduced from that (which is  
> likely close enough for decent statistics), and a hidden but  
> selected attribution could also be injected.

"Hidden watermarking" is unlikely to be very near, or... could be  
fought about; here's an idea:

During that same TPAC (Mandelieu), I discussed with the MSIE team,  
Adrian Bateman in particular, hoping that some markup could be  
negotiated to offer web pages that a copy of a given subtree also  
copies any alternative format suggested by the markup, and they were  
sharply against it: it's super easy to inject dangerous things this way!!  
(WMF seems to be the best example). So browsers need to be sure the  
content that is copied is "safe".

- That's easy for plain text and raster pictures.
- That's easy to disqualify for WMF.
- But that's not easy at all for HTML: it is wished by many, but it  
needs to be undressed:
-- remote picture references are a privacy concern (they would  
suddenly be pulled if you pasted that, say, in a mail application)
-- embeds are a huge concern (they start to run in the local scope  
which is a lot more powerful than the sandbox)
- ...
(I still can't believe it's dangerous for many many formats... but who  
knows? It sounds safe for PDF but not for SVG for example...)

So the MSIE team has a "sanitization" method which they use in CMS'  
rich editors to make sure that pasted content will be clean, it seems.
MathML's chapter 6 warns about this in its clipboard section.
HTML 5 also, I think.

Could such sanitization be leveraged to avoid such watermarking??
At least J Sicking's "plain copy" would need to be of this sort, if  
handling HTML.

paul

Received on Thursday, 3 June 2010 15:17:11 UTC
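
Added example, not part of the original message and not any browser's code: a minimal allowlist sanitizer for a copied HTML fragment that applies the concerns listed in the mail (remote picture references, embeds, hidden attribution text). The tag and attribute policy, the names `ClipboardSanitizer` and `sanitize`, and the assumption that hidden attribution is marked with the `hidden` attribute or an inline style are all assumptions of this sketch.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED = {"p", "br", "b", "i", "ul", "ol", "li", "a", "img", "span"}  # assumed policy
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}
ACTIVE = {"script", "style", "object", "embed", "iframe", "applet", "svg"}  # dropped whole
RASTER = ("data:image/png;base64,", "data:image/jpeg;base64,", "data:image/gif;base64,")

def _hidden(attrs):
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return "hidden" in attrs or "display:none" in style or "visibility:hidden" in style

def _keep(tag, name, value):
    v = (value or "").strip().lower()
    return (name in ("alt", "title")
            or (tag, name) == ("a", "href") and v.startswith(("http://", "https://", "mailto:"))
            or (tag, name) == ("img", "src") and v.startswith(RASTER))  # no remote fetch on paste

class ClipboardSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], []  # skip: open tags of the subtree being dropped

    def handle_starttag(self, tag, attrs):
        if self.skip or tag in ACTIVE or _hidden(dict(attrs)):
            if tag not in VOID:
                self.skip.append(tag)  # drop this element and everything inside it
        elif tag in ALLOWED:
            kept = "".join(f' {n}="{escape(v or "")}"' for n, v in attrs if _keep(tag, n, v))
            self.out.append(f"<{tag}{kept}>")  # style, class and on* never survive

    def handle_endtag(self, tag):
        if tag in self.skip:  # close the dropped subtree up to its last matching open tag
            del self.skip[len(self.skip) - 1 - self.skip[::-1].index(tag):]
        elif not self.skip and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(fragment):
    parser = ClipboardSanitizer()
    parser.feed(fragment)
    parser.close()  # flush text buffered by the parser
    return "".join(parser.out)

# Constructed sample of a copied fragment; hosts are placeholders.
SAMPLE = ('<p onclick="x()">Hi <img src="http://tracker.example/p.gif" alt="logo">'
          '<span style="display: none">Source: example.invalid</span> there</p>')
```

Hiding applied through a stylesheet class is not detected, but because `class` and `style` are never emitted, such text pastes as visible text rather than as a hidden attribution. An element that is hidden and never closed causes the rest of the fragment to be dropped, so the sketch fails closed.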
