- From: Paul Topping <pault@dessci.com>
- Date: Mon, 15 Apr 2013 15:44:13 +0000
- To: Hallvord Reiar Michaelsen Steen <hallvord@opera.com>, "public-webapps@w3.org" <public-webapps@w3.org>
Hi Hallvord,

Yes, your rewording sounds like a good direction to me. I still worry that placing plain text on the clipboard along with MathML will result in a lot of apps failing to paste the MathML, but doing so would probably be considered a bug in such an app.

Thanks for filing the bugs. I suspect that the MathML community would be eager to help define what needs to get stripped out of MathML to maintain security. However, speaking for myself, I do not know what kinds of things are considered dangerous. For example, MathML has markup that lets a math expression act as a hyperlink. Do we need to strip that out completely or is that dependent on the URL? If there are guidelines on what is considered dangerous, then we could figure out exactly which MathML constructs need to be pruned. Or is there some other procedure for getting this done?

Paul

> -----Original Message-----
> From: Hallvord Reiar Michaelsen Steen [mailto:hallvord@opera.com]
> Sent: Monday, April 15, 2013 1:50 AM
> To: public-webapps@w3.org; Paul Topping
> Subject: Re: MathML and "Clipboard API and events"
>
> Hi Paul, thanks for your comments.
>
> > Mathematical information
> >
> > This section says "MathML often needs to be transformed to be
> > copied as plain text, for example to make sure "to the power of"
> > is shown with the caret "^" sign in a formula plain-text input."
> > Such a transformation should not be part of a normal copy operation
> > since that would transfer MathML. My concern is that readers get the
> > idea that x 2 should always or often be transformed to x^2.
>
> What about saying something like
>
> "Some applications may want to place plain text alternatives along with
> MathML formulas on the clipboard, for example to make sure .." ?
>
> > 10. Mandatory data types
> >
> > I am surprised not to see a MathML type in this list
>
> Well, since you mention it.. I've filed a bug (
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=21698 ) in response to
> your question. If you have comments or information please add (either by
> replying here or in the bug). Would be great if you could help me understand
> whether allowing an application to write MathML to the clipboard could
> expose an app to attacks if the MathML markup is pasted without further
> processing - see also
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=21700
>
> --
> Hallvord R. M. Steen
> Core tester, Opera Software

Received on Monday, 15 April 2013 15:44:43 UTC