
Clipboard API: remove dangerous formats from mandatory data types

From: Daniel Cheng <dcheng@google.com>
Date: Tue, 09 Jun 2015 18:39:24 +0000
Message-ID: <CAF3XrKpSzXoRCuZtDGHawrvMbaJQZrOZAZuyfG=rs_8y0vNwqQ@mail.gmail.com>
To: public-webapps <public-webapps@w3.org>

Currently, the Clipboard API [1] mandates support for a number of formats.
Unfortunately, we do not believe it is possible to safely support writing a
number of formats to the clipboard:
- image/png
- image/jpg, image/jpeg
- image/gif

If these types are supported, malicious web content can trivially write a
malformed GIF/JPG/PNG to the clipboard and trigger code execution when
pasting in a program with a vulnerable image decoder. This provides a
trivial way to bypass the sandbox that web content is usually in.

Given this, I'd like to propose that we remove the above formats from the
list of mandatory data types, and avoid adding support for any more complex
formats.

Daniel

[1] http://www.w3.org/TR/clipboard-apis/#mandatory-data-types-1
Received on Tuesday, 9 June 2015 18:45:42 UTC
