Re: [w3c/editing] Should we modify the clipboard API spec to match Safari's behavior for HTML-referenced media? (#285)

We have been discussing a security issue related to this feature that I'd like to mention in this thread and get some feedback.

How do we know that the file referenced in the HTML markup is from a native application and not from a source that is "untrusted"? E.g., if the HTML markup has `<html><img src="file:///etc/passwd"></html>`, how do we ensure that we don't provide access to this file if this was inserted into the clipboard by some malicious website and not from a native application?
Do we just completely block all local file URL references in the HTML markup during HTML serialization?

In Chromium, when we read files during a paste operation, we verify the filenames by reading the file list from the clipboard and then give access to those files if they are present in the clipboard file list. But in an HTML markup which could be inserted by a malicious website, how do we know that the file referenced in the markup is safe to access? If we just replace these file URLs with Blob URLs and allow the browser to access these files without adding any extra checks to verify that the file is from a native app, then a compromised process would allow malicious reads of files present in the user's file system.
@dway123 @mkruisselbrink FYI.
@rniwa How does Safari circumvent this security issue when it tries to replace the file URLs with blob URLs?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/editing/issues/285#issuecomment-811263154

Received on Wednesday, 31 March 2021 17:14:42 UTC