- From: ROBO Design <robodesign@gmail.com>
- Date: Sun, 05 Mar 2006 22:41:05 +0200
- To: "Jim Ley" <jim@jibbering.com>
- Cc: "Web API WG" <public-webapi@w3.org>
On Sun, 05 Mar 2006 22:15:36 +0200, Jim Ley <jim@jibbering.com> wrote:

>
> "ROBO Design" <robodesign@gmail.com>
>> 1. Any script must not be allowed to read and write clipboard data
>> unless the user allows so (via a confirmation or a setting in the UA,
>> whatever). This must be a requirement.
>>
>> This is a security concern that, for example, IE doesn't deal with. Any
>> web site can overwrite clipboard data, or read the clipboard data
>> without the unsuspecting user ever knowing.
>
> This is incorrect, it's specifically mentioned in a setting in the UA to
> allow or deny this behaviour, you can have it set to disallow/prompt or
> allow as per normal security settings in IE.

As far as I knew the default is to allow this behaviour without confirmation in IE 6. My mistake if not.

>> 2. UAs should (or even must) make it so that the "clipboard data read
>> and write" features are only opt-in, not opt-out.
>
> These are security and a specification is not the best place for
> discussing security - the reason being any UI will choose security over
> spec conformance anyway, and deciding the exact methods to be secure is
> down to the situation and the design of the browser. A spec should
> specify how it should be done, it should do no more than highlight
> potential security problems of allowing unrestricted access to API's in
> informative notes.
>
>> 3. Developers should have some DOM events that allow them to monitor
>> the clipboard data (cut/copy/paste and probably even selection
>> deletion). All these must work only after the user confirms access.
>
> No specification should require a specific UI.

This is something I didn't know. Thanks for pointing that out.

>> 3. This sandboxed clipboard is per page: script won't have access to
>> clipboard data of other pages opened in other tabs/windows in the same
>> UA.
>
> That becomes very complicated with 2 or more pages accessing a clipboard
> at the same time, are you expecting multiple clipboards - that would be
> confusing for users I think.
>
>> (I know this post goes a bit "off-topic" since it's not only about
>> security concerns.)
>
> :-)
>
> Cheers,
>
> Jim.

:)

--
http://www.robodesign.ro
ROBO Design - We bring you the future
Received on Sunday, 5 March 2006 20:40:21 UTC