- From: snianu <notifications@github.com>
- Date: Mon, 17 May 2021 11:26:10 -0700
- To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/clipboard-apis/issues/135/842537563@github.com>
> The spec doesn't really define which MIME types should be supported for write. Chrome only supports a handful. We discussed this in the EditingTF meeting and there were few concerns raised in the meeting that we should probably address first before standardizing any formats in the Async clipboard APIs. Tagging @whsieh @dway123 @gked @BoCupp-Microsoft @johanneswilm to chime in if I missed anything. 1. Reading clipboard formats: Without proper sanitization of the formats, this could expose private data such as file paths, user data etc. Some formats are platform specific as well (e.g. WebArchive format on Mac), so if we want to standardize these formats then we need to define the sanitizers as well to strip out privacy related data and "insecure" content. 2. Writing clipboard formats: Same sanitization requirements as reading. Also impose restrictions on the number of the formats that are written into the clipboard as some arbitrary sites could cause issues in the system clipboard which may not be recoverable(once the format is registered the entry cannot be removed via write APIs). Writing image formats also involves decoders so this exposes native decoders to arbitrary sites. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/clipboard-apis/issues/135#issuecomment-842537563
Received on Monday, 17 May 2021 18:26:37 UTC