Re: [w3c/clipboard-apis] Active malicious PasteJacking exploits in-the-wild affecting user security owing to lack of sufficient consideration to identified and other security concerns (#142) from Hallvord R. M. Steen on 2021-05-20 (public-webapps-github@w3.org from May 2021)

From: Hallvord R. M. Steen <notifications@github.com>
Date: Thu, 20 May 2021 06:04:10 -0700
To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/clipboard-apis/issues/142/845099687@github.com>

No-longer-editing-this-spec drive-by comment: I'm sure suggestions for improving the spec's prose regarding security considerations can be useful. It may be worth it to say explicitly what @othermaciej laid out above: it is generally held to be true that sites can already control plain text and rich text content on the clipboard through manipulating the selection without this API, for example on keydown/mousedown/contextmenu events that might indicate a copy event. Hence the API gives "good" sites a cleaner way to do what they might need without actually granting "bad" sites meaningful extra powers. Users who are technical enough to paste stuff into a command line are - unfortunately - hard to protect if they are not also skilled enough to understand the risks..

Warnings if the site modified what goes on the clipboard is likely an excellent idea (though if many sites do it for good purposes, warning fatigue will occur). But this is user-agent UI-land, not spec material. User-agents are supposed to innovate and differentiate themselves on UI and security mechanisms. One might choose to block all clipboard API usage unless a site gets white-listed, another might choose to show a popup "site changed clipboard, do you want to copy selected content instead?". Then the market can decide what security features win. Most of the lower-level technical specs try to not impose UI requirements because of an overall idea that this is a good separation of concerns.

In the security field, it is indeed less easy to separate concerns in the first place.. lots of security threats are due to poor UI or need mitigation with UI. But that's the historical background.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/142#issuecomment-845099687

Received on Thursday, 20 May 2021 13:04:24 UTC