Ryosuke Niwa
Software Engineer
Google Inc.
On Tue, May 17, 2011 at 10:48 AM, Paul Libbrecht <paul@hoplahup.net> wrote:
>
> This was certainly at least copied in plain-text as well, or?
>> The risk is here today then already, correct? (even with traditional forms
>> and a quick onchange that makes it invisible).
>>
>
> It is not because Chromium specifically clears the plain text type if it
> detects a file drag.
>
>
> So file-flavour is something special that should be always filtered??
> (in DnD or in CnP), which should be warned against in the spec?
>
> Ryosuke, can you confirm this is the only risk you were talking about?
>
No. There are some applications that embed sensitive information, such as the
local file path and user name, inside content put into the clipboard without
notifying the user. As far as I'm concerned, giving websites access to such
information is not acceptable.
- Ryosuke
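
The concern raised in the last message, shown as an added example that is not part of the original thread or of any browser's code: a filter that strips local file paths, and the account names inside them, from an HTML clipboard payload before it reaches web content. The function names, patterns, placeholder and sample payload are assumptions made for illustration.

```javascript
// Added example: scrub local paths from an HTML clipboard payload.
// Patterns are illustrative assumptions, not an exhaustive list.
const PLACEHOLDER = "[local-path-removed]";
const LOCAL_PATH_PATTERNS = [
  // file: URLs, which carry a local path
  /file:\/\/[^\s"'<>)]*/gi,
  // Windows drive paths (a final component with spaces is cut at the first space)
  /\b[A-Za-z]:\\(?:[^\\\/:*?"<>|\r\n]+\\)*[^\\\/:*?"<>|\r\n\s]*/g,
  // POSIX home directories
  /\/(?:home|Users)\/[^\s"'<>)]+/g,
];

// Pull the account name out of a profile or home directory path, if present.
function userFromPath(path) {
  const m = /(?:Users|home|Documents and Settings)[\\/]([^\\/\s"'<>]+)/i.exec(path);
  return m ? m[1] : null;
}

// Returns the scrubbed markup plus what was found, so a caller can log it
// or decide to withhold the HTML flavour entirely.
function scrubClipboardHtml(html) {
  const paths = [];
  let clean = html;
  for (const re of LOCAL_PATH_PATTERNS) {
    clean = clean.replace(re, (match) => {
      paths.push(match);
      return PLACEHOLDER;
    });
  }
  const users = [...new Set(paths.map(userFromPath).filter(Boolean))];
  return { clean, paths, users };
}

// Constructed sample: HTML as a desktop application might place it on the
// clipboard, with paths the user never sees in the visible text.
const SAMPLE = [
  '<html><head><link rel="File-List" href="file:///C:/Users/alice/AppData/Local/Temp/clip_filelist.xml">',
  "</head><body><p>Quarterly numbers</p>",
  '<img src="file:///home/bob/Pictures/chart.png">',
  "<!-- source: C:\\Users\\alice\\Documents\\q3-report.doc -->",
  "</body></html>",
].join("\n");

const result = scrubClipboardHtml(SAMPLE);
console.log(result.users, result.paths.length);
```
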