Re: risks of custom clipboard types from Paul Libbrecht on 2011-05-17 (public-webapps@w3.org from April to June 2011)

From: Paul Libbrecht <paul@activemath.org>
Date: Tue, 17 May 2011 09:26:47 +0200
To: Ryosuke Niwa <rniwa@webkit.org>
Cc: "Hallvord R. M. Steen" <hallvord@opera.com>, public-webapps <public-webapps@w3.org>
Message-Id: <9E2EA042-85AA-4F14-94DF-C0EC97D99F20@activemath.org>

Le 17 mai 2011 à 09:21, Ryosuke Niwa a écrit :

> On Tue, May 17, 2011 at 12:11 AM, Paul Libbrecht <paul@activemath.org> wrote:
> Ryosuke,
> why would sensitive information be readable or writable?
> 
> Because it has been available through clipboard.  e.g. a popular productivity application puts a local file path in link elements whenever you copy & paste table cells.

Interesting.

A "link" in the sense of a web-link with appropriate media-type or flavour is, to my understanding, something ok. It's a path only (it's not access to that path) and it is even formulated for "web purpose". I agree it's a risk but since it's only when the user pastes intentionally, I don't think it is a risk to be excluded.
Actually, if on my Mac now, I copy a file from the Finder and paste plain text in jEdit, I get the file-name, that's ok I think.

A "link" in the OLE sense has no way to be allowed.

You did mean the first form, did you not?

paul

Received on Tuesday, 17 May 2011 07:28:35 UTC