Re: Clipboard API: remove dangerous formats from mandatory data types from Hallvord Reiar Michaelsen Steen on 2015-06-10 (public-webapps@w3.org from April to June 2015)

From: Hallvord Reiar Michaelsen Steen <hsteen@mozilla.com>
Date: Wed, 10 Jun 2015 11:22:30 +0200
To: Ashley Gullen <ashley@scirra.com>
Cc: Daniel Cheng <dcheng@google.com>, WebApps WG <public-webapps@w3.org>, Paul Libbrecht <paul@hoplahup.net>, Olli Pettay <olli@pettay.fi>
Message-ID: <CAE3JC2zQFF8u7zjizwRPq48Q_fKKLJHP+11X52pW3DvqYbmcjg@mail.gmail.com>

On Wed, Jun 10, 2015 at 1:23 AM, Ashley Gullen <ashley@scirra.com> wrote:

> The browser could copy a terminal command to wipe the disk, and the user
> could run it. Or copy a URL to a web page that has a known security
> exploit, and then the user pastes it in to the address bar. Maybe we
> shouldn't allow copying anything at all?
>
> Actually I think this is just security by paranoia.
>

Developing web browsers and their specs means paranoia should be part of
your job description.
It is a concern and I'm not sure how to solve it.
-Hallvord

Received on Wednesday, 10 June 2015 09:22:59 UTC