Re: [w3c/clipboard-apis] Active malicious PasteJacking exploits in-the-wild affecting user security owing to lack of sufficient consideration to identified and other security concerns (#142) from Maciej Stachowiak on 2021-05-20 (public-webapps-github@w3.org from May 2021)

From: Maciej Stachowiak <notifications@github.com>
Date: Wed, 19 May 2021 21:02:50 -0700
To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/clipboard-apis/issues/142/844668912@github.com>

> Remove all capability for browsers to insert content into clipboards that has not been explicitly chosen by the user to be copied (and/or cut). No modification. No addition.

This wouldn't make a material difference to ability to put something unexpected on the pasteboard. There's plenty of ways to make HTML content look like one piece of text visually, but actually have different text contents when converted to plaintext. (e.g. invisible text on top of a background with different text or an image of text). It seems like the most dangerous contexts for paste alteration are plaintext contexts.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/142#issuecomment-844668912

Received on Thursday, 20 May 2021 04:07:19 UTC