RE: [clipboard events] seeking implementor feedback on using CID: URI scheme for pasting embedded binary data

Hi Daniel,

> I'm trying to make sure I correctly understand how the IE11 version of this works. From the sample (http://msdn.microsoft.com/en-us/library/ie/dn254935(v=vs.85).aspx), it looks like if a user pastes in some HTML that references local images, IE11 automatically captures the referenced files into the clipboard. Then the page uses msConvertUrl() to rewrite references to the src attributes in the text/html DataTransferItem to reference the blob URLs, right?

> Given that the drag data store is in "read only" mode at this point, it seems weird to allow mutations at this point.

My understanding was that "read only" was intended to keep sites from changing the system clipboard outside of cut/copy events. We don’t change the system clipboard, only the pasted HTML. Sites could easily change it right after the paste happens, so we're saving them a step.

> In addition, from a security perspective, what stops a malicious website from embedding something like <img src="file:///etc/passwd" style="display:none"></img> in the markup?
 
We disallow this on copy by stripping such references.

Received on Tuesday, 25 March 2014 17:10:28 UTC