Re: Clipboard API: remove dangerous formats from mandatory data types

On Thu, Jun 11, 2015 at 10:51 AM, Wez <wez@google.com> wrote:

> Hallvord,
>
> The proposal isn't to remove support for copying/pasting images, but to
> restrict web content from placing compressed image data in one of these
> formats on the clipboard directly - there's no issue with content pasting
> raw pixels from a canvas, for example, since scope for abusing that to
> compromise the recipient is extremely limited by comparison to JPEG, PNG or
> GIF.
>
> The UA is still at liberty to synthesize these formats itself, based on
> the raw imagery provided by the content, to populate the clipboard with
> formats that other applications want.
>
>
>
I don't think the clipboard should forbid inserting image data, there's so
many ways to compromise desktop software. ex. pasting text/html into
Mail.app might even do it. This API shouldn't be trying to prevent that.

- E

Received on Thursday, 11 June 2015 18:58:51 UTC