Re: Concerns regarding cross-origin copy/paste security

Adam Barth <w3c@adambarth.com> skreiv Wed, 08 Feb 2012 00:05:54 +0100

>> FWIW, my main concern was the hidden data aspect because it can be  
>> abused
>> for cross-site request forgery if a malicious site by getting the user  
>> to
>> copy and paste gets access to form anti-CSRF tokens and such.
>
> That's certainly possible, but I don't think it's possible for us to
> protect against the long tail of risks here.  In these sorts of cases,
> it can be better for security to not implement a half-correct solution
> and instead decide not to try to mitigate a particular risk.

You are right here.

Also, on considering the abuse potential of getData('text/html'), I've  
realised that we are not introducing much new threat surface here, since a  
simple paste into a rich text editing-enabled element already inserts  
markup so that the target page can see much of what I proposed removing.

I've changed the spec from saying the implementation *must* apply the  
sanitization algorithm to saying the user agent *may* apply it, made it  
clear that it is merely a suggestion, removed some of the most draconian  
parts and marked it as informative. I think it still has some value as an  
informative section.

http://dev.w3.org/cvsweb/~checkout~/2006/webapi/clipops/clipops-source.html?rev=1.15;content-type=text%2Fhtml

Perhaps we should publish a new working draft now?

-- 
Hallvord R. M. Steen
Core tester, Opera Software

Received on Wednesday, 8 February 2012 14:20:34 UTC