Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events) from Daniel Cheng on 2011-05-18 (public-webapps@w3.org from April to June 2011)

From: Daniel Cheng <dcheng@chromium.org>
Date: Wed, 18 May 2011 11:12:41 -0700
To: "Hallvord R. M. Steen" <hallvord@opera.com>
Cc: public-webapps@w3.org
Message-ID: <BANLkTik8VKxxpvcPp+ML7BqwV4dM8gd65Q@mail.gmail.com>

On Wed, May 18, 2011 at 02:16, Hallvord R. M. Steen <hallvord@opera.com>wrote:

> What do you think about the current spec text? I've moved the section
> http://dev.w3.org/2006/webapi/clipops/clipops.html#processing-model-for-pasting-html-datato where we prepare the paste event, because integrating this into the HTML5
> DataTransfer stuff becomes much easier this way. (Previously I spec'ed it so
> that this work would happen on a script calling getData('text/html') but
> that would require some hacking around with the getData() definition in
> HTML5.) This means we read and process the HTML part from the clipboard
> before firing paste, but any binary/embedded data will only be read "on
> demand".
>
>
> --
> Hallvord R. M. Steen, Core Tester, Opera Software
> http://www.opera.com http://my.opera.com/hallvors/
>

Shouldn't we have similar concerns about the text/html content of a drop?

Daniel

Received on Wednesday, 18 May 2011 18:13:07 UTC