- From: Paul Libbrecht <paul@hoplahup.net>
- Date: Tue, 17 May 2011 19:18:30 +0200
- To: Daniel Cheng <dcheng@chromium.org>
- Cc: Boris Zbarsky <bzbarsky@mit.edu>, public-webapps@w3.org
Received on Tuesday, 17 May 2011 17:18:54 UTC
Le 17 mai 2011 à 19:14, Daniel Cheng a écrit : > I actually did implement reading arbitrary types from the clipboard/drop at one point on Linux just to see how it'd work. When I copied a file in Nautilus, the full path to the file was available in several different flavors from the clipboard X selection. In order to prevent attacks of this sort, we'd have to determine the full set of types that file managers and other programs could potentially populate with file paths and then explicitly try to clean them of file paths. It's much easier to just go the other direction with a whitelist. This was certainly at least copied in plain-text as well, or? The risk is here today then already, correct? (even with traditional forms and a quick onchange that makes it invisible). paul
Received on Tuesday, 17 May 2011 17:18:54 UTC