W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2015

Re: Clipboard API: remove dangerous formats from mandatory data types

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 10 Jun 2015 11:32:40 +0200
Message-ID: <CADnb78hcxCLt=ASEyTn078eEwYD20TUUguffU7CwV5texGuokA@mail.gmail.com>
To: Hallvord Reiar Michaelsen Steen <hsteen@mozilla.com>
Cc: Ashley Gullen <ashley@scirra.com>, Daniel Cheng <dcheng@google.com>, WebApps WG <public-webapps@w3.org>, Paul Libbrecht <paul@hoplahup.net>, Olli Pettay <olli@pettay.fi>
On Wed, Jun 10, 2015 at 11:22 AM, Hallvord Reiar Michaelsen Steen
<hsteen@mozilla.com> wrote:
> Developing web browsers and their specs means paranoia should be part of
> your job description.
> It is a concern and I'm not sure how to solve it.

Well we should be able to allow some things here. Either we verify
that it is an image or we only allow images that are exported from
<canvas> or some such... But yeah, passing arbitrary bytes seems bad,
there needs to be some amount of validation.


-- 
https://annevankesteren.nl/
Received on Wednesday, 10 June 2015 09:33:05 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:31 UTC