W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2014

Re: [clipboard] Semi-Trusted Events Alternative

From: Perry Smith <pedzsan@gmail.com>
Date: Sat, 26 Jul 2014 08:34:14 -0500
Cc: public-webapps@w3.org
Message-Id: <0FFAEDFB-5AFF-426B-97DF-6A37075D0D06@gmail.com>
To: noloader@gmail.com

On Jul 26, 2014, at 8:26 AM, Jeffrey Walton <noloader@gmail.com> wrote:

> On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith <pedzsan@gmail.com> wrote:
>> Sorry if this is a lame question but I never understood the dangers of Copy and Paste that the web is trying to avoid.  Can someone explain that to me?
> Its a point of data egress. You don't want sensitive information from
> one program scraped and egressed by another.
> The first program could be a browser and the second program could be
> malware. In this case, the malware looks for data placed on the
> clipboard by the browser (and hopes to get a username, password,
> sensitive document, etc).
> Or, it could be another program with the browser scraping the data and
> hauling it off to a site.

I thought about that.  So it is not so much the Copy and Paste operations as much as being able to get the content of the clipboard. ?

Received on Saturday, 26 July 2014 13:34:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:26 UTC