W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: clipboard events

From: Paul Libbrecht <paul@activemath.org>
Date: Mon, 31 Jan 2011 22:29:30 +0100
Cc: Ryosuke Niwa <rniwa@webkit.org>, "Hallvord R. M. Steen" <hallvord@opera.com>, public-webapps@w3.org
Message-Id: <3183C24F-2CD3-46EB-8588-2500F6654297@activemath.org>
To: Daniel Cheng <dcheng@chromium.org> 
I am not sure I am entitled to any influence, except my registration to the mailing-list but I would insist to not limit in this way.

The clipboard or drag-and-drop transfers are the way to go from the web into something else.

They could maybe also be used to go from one site to another but the security concerns would be exactly the same. Wouldn't they?

paul



Le 31 janv. 2011 à 20:28, Daniel Cheng a écrit :

> I think there's value in exposing arbitrary MIME types. However, my proposal is to effectively limit them to a web sandbox so it's only visible from HTML pages for the reasons that you listed. Exposing arbitrary types between HTML and the native OS has potential security issues as well--a page could access some data that it shouldn't see (e.g. filesystem paths) and it could write malformed data into the clipboard that could crash/corrupt other programs.
>
Received on Monday, 31 January 2011 21:30:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:16 UTC