IIUC that approach won't help, because the problem here is not necessarily invalid/malformed data, but even valid data that some decoders fail to handle gracefully. On 9 June 2015 at 14:13, Paul Libbrecht <paul@hoplahup.net> wrote: > On 9/06/15 23:08, Daniel Cheng wrote: > > So the solution is to require that browsers that make known media-types >> in the clipboard actually parse it for its value? That sounds doable (and >> probably even useful: e.g. put other picture flavours in case of a >> pictures). >> > I don't think I understand what this means. > > Since the browser is what would act on behalf of JS when putting a given > data into the clipboard, it could check that this data is well formed and > maybe matches the patterns of known exploits. > > paul >
Received on Tuesday, 9 June 2015 21:27:02 UTC