Re: Fwd: Re: CfC: new WD of Clipboard API and Events; deadline April 5

On Mon, Sep 5, 2011 at 3:52 AM, Hallvord R. M. Steen <hallvord@opera.com>wrote:

> On Mon, 05 Sep 2011 12:14:27 +0200, Anne van Kesteren <annevk@opera.com>
> wrote:
>
>  On Mon, 05 Sep 2011 12:13:35 +0200, Hallvord R. M. Steen <
>> hallvord@opera.com> wrote:
>>
>>> As in <LINK rel=prefetch> and <LINK rel=stylesheet>?
>>>
>>
>> Yes. But this would apply to <img> too of course; maybe they can become a
>> blob URL or some such?
>>
>
> Well, giving JS access to the clipboard's HTML will be next to useless if
> we remove just about everything :-p For the record, I think the spec as-is
> is too paranoid and that we probably should allow form elements (except
> input type=hidden).
>

So the problem we found is that certain productivity apps insert local file
paths, real user name, etc... into meta, link, etc... elements.  This is
problematic for users because users may not expect those information be
exposed to the Web when pasting some contents simply since they're not
visible.

I think the middle ground will be to let implementors decide exactly which
elements or attributes should be trimmed.

- Ryosuke

Received on Tuesday, 6 September 2011 23:25:50 UTC