- From: Paul Libbrecht <paul@activemath.org>
- Date: Mon, 31 Jan 2011 22:29:30 +0100
- To: Daniel Cheng <dcheng@chromium.org>
- Cc: Ryosuke Niwa <rniwa@webkit.org>, "Hallvord R. M. Steen" <hallvord@opera.com>, public-webapps@w3.org
I am not sure I am entitled to any influence, except my registration to the mailing-list but I would insist to not limit in this way. The clipboard or drag-and-drop transfers are the way to go from the web into something else. They could maybe also be used to go from one site to another but the security concerns would be exactly the same. Wouldn't they? paul Le 31 janv. 2011 à 20:28, Daniel Cheng a écrit : > I think there's value in exposing arbitrary MIME types. However, my proposal is to effectively limit them to a web sandbox so it's only visible from HTML pages for the reasons that you listed. Exposing arbitrary types between HTML and the native OS has potential security issues as well--a page could access some data that it shouldn't see (e.g. filesystem paths) and it could write malformed data into the clipboard that could crash/corrupt other programs. >
Received on Monday, 31 January 2011 21:30:07 UTC