- From: Daniel Cheng <dcheng@google.com>
- Date: Tue, 09 Jun 2015 18:39:24 +0000
- To: public-webapps <public-webapps@w3.org>
Received on Tuesday, 9 June 2015 18:45:42 UTC
Currently, the Clipboard API [1] mandates support for a number of formats. Unfortunately, we do not believe it is possible to safely support writing a number of formats to the clipboard:

- image/png
- image/jpg, image/jpeg
- image/gif

If these types are supported, malicious web content can trivially write a malformed GIF/JPG/PNG to the clipboard and trigger code execution when pasting in a program with a vulnerable image decoder. This provides a trivial way to bypass the sandbox that web content is usually in.

Given this, I'd like to propose that we remove the above formats from the list of mandatory data types, and avoid adding support for any more complex formats.

Daniel

[1] http://www.w3.org/TR/clipboard-apis/#mandatory-data-types-1