Re: [w3c/clipboard-apis] Active malicious PasteJacking exploits in-the-wild affecting user security owing to lack of sufficient consideration to identified and other security concerns (#142) from Hallvord R. M. Steen on 2021-05-21 (public-webapps-github@w3.org from May 2021)

From: Hallvord R. M. Steen <notifications@github.com>
Date: Fri, 21 May 2021 08:56:18 -0700
To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/clipboard-apis/issues/142/846056770@github.com>

Anyone copying from, say, Google Docs with a CANVAS-based rendering engine depends on these features. The use cases are plenty, and unless you have specific and useful suggestions to improving the "security consideration" prose in the spec, I recommend the current editors close this issue.

You may want to ask your favourite browser to implement a "disable clipboard API" setting or write a browser extension that stops websites from using it. I think both are excellent ideas for the cautious. However, arguing that the spec should simply drop widely requested and widely used functionality is, respectfully, wasted time.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/142#issuecomment-846056770

Received on Friday, 21 May 2021 15:56:30 UTC