Re: Concerns regarding cross-origin copy/paste security

On Thu, Feb 2, 2012 at 10:20 PM, Charles Pritchard <> wrote:
>  Seems like a very minor risk for high security sites, e.g. banking, in
> identifying form elements.
> In the spirit of giving it some thought:

But even for those websites, what could input / textarea elements can
reveal more than what user sees?

 There are various XSS headers that signal enhanced security for websites,
> even to browser extensions.
> Perhaps some of them ought to be used in the "copy" mechanism. That way
> the data never reaches the clipboard for paste.

That's also an option and may need to be spec'ed to some extent.

- Ryosuke

Received on Friday, 3 February 2012 06:28:42 UTC