Re: [w3ctag/design-reviews] Async Clipboard - image/delayed content (#350)

No, the transcoding is not lossless. It cannot be since it needs to (in some cases) cleanup encoding exploits.

> For images, because the encoder/decoder that Chrome uses (Skia), and existing sanitization, can only guarantee the sanitization of raster information, only raster information is preserved.

Read this as "the pixels come through (sanitized) but the image metadata is not copied". Note that this is just a description of Chrome's current implementation. UAs can choose preserve whatever metadata from the image that they feel is appropriate.

The main takeaway from the transcoding issue is that users cannot rely on the image being identical to what they put on the clipboard. The UA may need to make changes to it to address security concerns. This applies to both the image data and to the metadata.

Ideally, UAs would preserve as much information as they can in a safe matter.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/350#issuecomment-493131960

Received on Thursday, 16 May 2019 16:09:27 UTC