W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2015

Re: Clipboard API: remove dangerous formats from mandatory data types

From: Arthur Barstow <art.barstow@gmail.com>
Date: Wed, 10 Jun 2015 08:55:30 -0400
Message-ID: <557833C2.70301@gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>, Hallvord Reiar Michaelsen Steen <hsteen@mozilla.com>
CC: WebApps WG <public-webapps@w3.org>
On 6/10/15 5:32 AM, Anne van Kesteren wrote:
> On Wed, Jun 10, 2015 at 11:22 AM, Hallvord Reiar Michaelsen Steen
> <hsteen@mozilla.com> wrote:
>> Developing web browsers and their specs means paranoia should be part of
>> your job description.
>> It is a concern and I'm not sure how to solve it.
> Well we should be able to allow some things here. Either we verify
> that it is an image or we only allow images that are exported from
> <canvas> or some such... But yeah, passing arbitrary bytes seems bad,
> there needs to be some amount of validation.

Are you suggesting/proposing new normative requirement(s) in the "spec 
proper" and/or new text in the security/privacy considerations [1]?

[1] 
https://w3c.github.io/clipboard-apis/#other-security-and-privacy-considerations
Received on Wednesday, 10 June 2015 12:56:05 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:31 UTC