
Re: [clipboard] Semi-Trusted Events Alternative

From: Jeffrey Walton <noloader@gmail.com>
Date: Sat, 26 Jul 2014 10:09:02 -0400
Message-ID: <CAH8yC8kj+UxeJBS6h5aYLAyVAB2eUCzBuA9g+4TV8hQazZt1Fw@mail.gmail.com>
To: Perry Smith <pedzsan@gmail.com>
Cc: public-webapps@w3.org

On Sat, Jul 26, 2014 at 9:34 AM, Perry Smith <pedzsan@gmail.com> wrote:
> On Jul 26, 2014, at 8:26 AM, Jeffrey Walton <noloader@gmail.com> wrote:
>> On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith <pedzsan@gmail.com> wrote:
>>> Sorry if this is a lame question but I never understood the dangers of Copy and Paste that the web is trying to avoid.  Can someone explain that to me?
>> It's a point of data egress. You don't want sensitive information from
>> one program scraped and egressed by another.
>> The first program could be a browser and the second program could be
>> malware. In this case, the malware looks for data placed on the
>> clipboard by the browser (and hopes to get a username, password,
>> sensitive document, etc).
>> Or, it could be another program with the browser scraping the data and
>> hauling it off to a site.
> I thought about that.  So it is not so much the Copy and Paste operations as much as being able to get the content of the clipboard?
Yes, I believe so. The clipboard is a shared resource with little to
no restrictions.

One of the check boxes on a security evaluation is how a program
handles the clipboard and copy/paste (or at least the ones I used when
doing security architecture work). It's one of those dataflows that
could be part of a higher than expected data sensitivity, like a
single sign-on password.

Also, "data egress" may have been a bad choice. In this case, I think
it's more about "data collection". It's hard to stop a web browser from
opening a socket ;)

Two additional clipboard features that would be nice are: (1) a "one
shot" copy/paste: delete the password from the clipboard after
retrieving it from the password manager and pasting it into a password
box; and (2) "timed" copy/paste: expire the data after 10 seconds or
so. Both should allow the legitimate use cases, and narrow the window
for the abuse cases.

Received on Saturday, 26 July 2014 14:09:28 UTC
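
Added example, not part of the original message or of any browser or OS clipboard API: a small in-memory model of the "one shot" and "timed" policies proposed in the message above. The class name `GuardedClipboard`, its methods, and the sample secret are hypothetical and constructed for illustration.

```javascript
// Illustrative model only: a single clipboard slot with two optional policies.
class GuardedClipboard {
  constructor(now = () => Date.now()) {
    this.now = now;   // injectable clock so expiry can be exercised in tests
    this.slot = null; // { data, expiresAt, oneShot } or null when empty
  }

  // ttlMs: lifetime in milliseconds (Infinity means no timed expiry).
  // oneShot: clear the slot after the first successful read.
  copy(data, { ttlMs = Infinity, oneShot = false } = {}) {
    if (typeof data !== "string") throw new TypeError("data must be a string");
    if (!(ttlMs > 0)) throw new RangeError("ttlMs must be positive");
    this.slot = { data, expiresAt: this.now() + ttlMs, oneShot };
  }

  // Returns the data, or null if the slot is empty, expired or consumed.
  paste() {
    if (this.slot === null) return null;
    if (this.now() >= this.slot.expiresAt) {
      this.slot = null; // timed policy: expired data is dropped on access
      return null;
    }
    const { data, oneShot } = this.slot;
    if (oneShot) this.slot = null; // one-shot policy: first reader consumes it
    return data;
  }
}

// Constructed scenario: a secret is copied, pasted once by the user, and then
// a second reader (for example a clipboard scraper) attempts to read it.
function demo() {
  let t = 0; // fake clock, in milliseconds
  const clip = new GuardedClipboard(() => t);
  clip.copy("constructed-secret", { oneShot: true });
  const first = clip.paste();
  const second = clip.paste();
  clip.copy("constructed-secret", { ttlMs: 10000 });
  t = 9999;
  const beforeExpiry = clip.paste();
  t = 10000;
  const afterExpiry = clip.paste();
  return { first, second, beforeExpiry, afterExpiry };
}
```

In this model both policies only narrow the exposure window: a reader that gets to the slot before the intended paste, or within the lifetime, still receives the data.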
