Re: [w3c/clipboard-apis] Active malicious PasteJacking exploits in-the-wild affecting user security owing to lack of sufficient consideration to identified and other security concerns (#142) from sspi on 2021-05-20 (public-webapps-github@w3.org from May 2021)

From: sspi <notifications@github.com>
Date: Thu, 20 May 2021 01:00:07 -0700
To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/clipboard-apis/issues/142/844833665@github.com>

Another solution to this security problem is to only allow mimetypes suffixed by a dedicated term for write operations in the clipboard ("/dangerous" or "-unchecked" for example) .

It is then the responsibility of the web-site or application reading the clipboard to ensure with the user that the pasted content is correct.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/142#issuecomment-844833665

Received on Thursday, 20 May 2021 08:00:20 UTC