- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 05 Sep 2011 10:44:13 +0200
- To: rniwa@webkit.org, "Hallvord R. M. Steen" <hallvord@opera.com>, "WebApps WG" <public-webapps@w3.org>
On Sun, 04 Sep 2011 23:47:08 +0200, Hallvord R. M. Steen <hallvord@opera.com> wrote: >> Also, scripts shouldn't be able to call clearData() during copy/cut >> events, correct? > > Why not? Is it useful in any other context? It can be abused to prevent copy and paste from a site. But maybe there are other ways for that too. >> For "10. Cross-origin copy/paste of source code", we might also want to >> consider stripping elements that can refer to external URLs such as >> link, meta, base, etc... > > Those will typically be in the HEAD and not usually part of a pasted > fragment. We certainly don't want to remove A tags or their HREFs, so > I'm not sure why we'd want to remove e.g. LINK. Depending on the type of <link> it can fetch its resource automatically. -- Anne van Kesteren http://annevankesteren.nl/
Received on Monday, 5 September 2011 08:44:39 UTC