- From: Hallvord R. M. Steen <hallvord@opera.com>
- Date: Mon, 05 Sep 2011 12:13:35 +0200
- To: rniwa@webkit.org, "WebApps WG" <public-webapps@w3.org>, "Anne van Kesteren" <annevk@opera.com>
On Mon, 05 Sep 2011 10:44:13 +0200, Anne van Kesteren <annevk@opera.com> wrote: > On Sun, 04 Sep 2011 23:47:08 +0200, Hallvord R. M. Steen > <hallvord@opera.com> wrote: >>> Also, scripts shouldn't be able to call clearData() during copy/cut >>> events, correct? >> >> Why not? Is it useful in any other context? > > It can be abused to prevent copy and paste from a site. But maybe there > are other ways for that too. Pretty much everything in this spec can be abused to cause nuisance. >>> For "10. Cross-origin copy/paste of source code", we might also want >>> to consider stripping elements that can refer to external URLs such as >>> link, meta, base, etc... >> >> Those will typically be in the HEAD and not usually part of a pasted >> fragment. We certainly don't want to remove A tags or their HREFs, so >> I'm not sure why we'd want to remove e.g. LINK. > > Depending on the type of <link> it can fetch its resource automatically. As in <LINK rel=prefetch> and <LINK rel=stylesheet>? -- Hallvord R. M. Steen, Core Tester, Opera Software http://www.opera.com http://my.opera.com/hallvors/
Received on Monday, 5 September 2011 10:13:00 UTC