Re: Clipboard API: remove dangerous formats from mandatory data types

IIUC that approach won't help, because the problem here is not necessarily
invalid/malformed data, but even valid data that some decoders fail to
handle gracefully.

On 9 June 2015 at 14:13, Paul Libbrecht <paul@hoplahup.net> wrote:

>  On 9/06/15 23:08, Daniel Cheng wrote:
>
>  So the solution is to require that browsers that make known media-types
>> in the clipboard actually parse it for its value? That sounds doable (and
>> probably even useful: e.g. put other picture flavours in case of a
>> pictures).
>>
> I don't think I understand what this means.
>
> Since the browser is what would act on behalf of JS when putting a given
> data into the clipboard, it could check that this data is well formed and
> maybe matches the patterns of known exploits.
>
> paul
>

Received on Tuesday, 9 June 2015 21:27:02 UTC