- From: Paul Libbrecht <paul@hoplahup.net>
- Date: Tue, 17 May 2011 18:50:30 +0200
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: public-webapps@w3.org
Le 17 mai 2011 à 18:39, Boris Zbarsky a écrit : >> On my mac, as far as I know, this can only happen if I copied the the >> file explicitly (as a file, not as a content). Pasting in some web-page >> means I want to transmit the information of the clipboard to the page. > You want to transmit the file contents. You don't want to transmit the location of the file on your disk. Certainly most users don't. > To be clear, we (Mozilla) would consider this an unacceptable privacy breach. This is why we (and other browsers) don't send the full path for file inputs too... this case is no different. So you (Mozilla) would not accept to include URL-list as acceptable flavor to be read from the clipboard at paste time if that URL-list contains file URLs. Correct? Ryosuke, do you see other possible flavor exploits with local-paths? (you seemed to have something more precise in mind) paul
Received on Tuesday, 17 May 2011 16:50:56 UTC