Re: [w3c/clipboard-apis] Active malicious PasteJacking exploits in-the-wild affecting user security owing to lack of sufficient consideration to identified and other security concerns (#142)

@sspi - I can't see how that could ever work - there's zero chance you could ever update every-application-ever-written-that-accepts-paste-input such that "It is then the responsibility of the ... application reading the clipboard to ensure with the user that the pasted content is correct."

And that's not even *starting* on how it might even be possible to DO that in the first place - consider some copy/pasted code that uses variable names containing l or I or other nearly/completely indistinguishable characters...

@othermaciej - you can't overlay text I want to select with an image, because then the text can't be marked for copy.  You can't use "invisible text" because it shows up when being marked.  It is trivially easy to overcome other "tricks" that might exist to accomplish PasteJacking via other means (for example: clearing a paste-selection should anything modify what was selected - making it impossible to select the wrong thing).

For the record - discussing reasons not to remove this unnecessary security problem makes no sense without full consideration of the use case in the first instance.  I already demonstrated that no legitimate use case has been suggested which doesn't already have a more-desirable workaround already.

Dangerous features should be removed when there is no need for their existence.  Even if other similar dangers still exist, that is no excuse for keeping the unwanted dangerous feature in the first place (but, bonus, if such other dangers DO still exist, now would be a great time to address and remove those security issues at the same time).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/142#issuecomment-845267344

Received on Thursday, 20 May 2021 16:25:59 UTC