[Bug 21700] New: spec "strip possibly dangerous content before inserting rich text paste markup" from bugzilla@jessica.w3.org on 2013-04-15 (public-webapps-bugzilla@w3.org from April 2013)

From: <bugzilla@jessica.w3.org>
Date: Mon, 15 Apr 2013 08:38:04 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-21700-2532@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=21700

            Bug ID: 21700
           Summary: spec "strip possibly dangerous content before
                    inserting rich text paste markup"
    Classification: Unclassified
           Product: WebAppsWG
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Clipboard API and events
          Assignee: hallvord@opera.com
          Reporter: hallvord@opera.com
        QA Contact: public-webapps-bugzilla@w3.org
                CC: mike@w3.org

If the default action of a paste event is not prevented, the target element of
the paste action supports rich text editing, and there is formatted textual
data on the clipboard, the implementation must remove 

* SCRIPT element
* javascript: URLs
* on...="" event handler attributes

before pasting.

Or something like that.. At least IE&Chrome already do this.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 15 April 2013 08:38:11 UTC