Clipboard API: Stripping script element


The current clipboard API specification mentions security risks of copy & paste but doesn't seem to explicitly mention methods by which user agents deal with such security risks.

In particular, WebKit has been stripping script element from the pasted content but this may have some side effects on CSS rules.]

It would be great to mention what kind of manipulations user agents are allowed to do to make the pasted content secure.

- R. Niwa

Received on Tuesday, 26 March 2013 09:05:40 UTC