W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2015

Re: Clipboard API: remove dangerous formats from mandatory data types

From: Elliott Sprehn <esprehn@chromium.org>
Date: Thu, 11 Jun 2015 11:57:39 -0700
Message-ID: <CAO9Q3iLE6m5fc3v66GfDGA1smEMT2j-10rBX022G5aAKSTK15A@mail.gmail.com>
To: Wez <wez@google.com>
Cc: Hallvord Reiar Michaelsen Steen <hsteen@mozilla.com>, Daniel Cheng <dcheng@google.com>, public-webapps <public-webapps@w3.org>
On Thu, Jun 11, 2015 at 10:51 AM, Wez <wez@google.com> wrote:

> Hallvord,
>
> The proposal isn't to remove support for copying/pasting images, but to
> restrict web content from placing compressed image data in one of these
> formats on the clipboard directly - there's no issue with content pasting
> raw pixels from a canvas, for example, since scope for abusing that to
> compromise the recipient is extremely limited by comparison to JPEG, PNG or
> GIF.
>
> The UA is still at liberty to synthesize these formats itself, based on
> the raw imagery provided by the content, to populate the clipboard with
> formats that other applications want.
>
>
>
I don't think the clipboard should forbid inserting image data, there's so
many ways to compromise desktop software. ex. pasting text/html into
Mail.app might even do it. This API shouldn't be trying to prevent that.

- E
Received on Thursday, 11 June 2015 18:58:51 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:31 UTC