Re: Clipboard API: remove dangerous formats from mandatory data types from Jonathan Kingston on 2015-06-13 (public-webapps@w3.org from April to June 2015)

From: Jonathan Kingston <jonathan@jooped.com>
Date: Sat, 13 Jun 2015 02:30:13 +0000
To: "James M. Greene" <james.m.greene@gmail.com>, Elliott Sprehn <esprehn@chromium.org>
Cc: public-webapps <public-webapps@w3.org>, Hallvord Steen <hsteen@mozilla.com>, Wez <wez@google.com>, Daniel Cheng <dcheng@google.com>
Message-ID: <CAKrjaaX+ruQ+DF0MZsJUE=fOosEnJwKd7MGKkJiqX9uFrtCuSA@mail.gmail.com>

Is it worth making the user agent prompt the user to confirm the copy if it
detects anything that isn't text?

That is not as bad as disabling a feature when certain input is used
however it would contribute to more error blindness.

Perhaps there should be a note under security considerations that the user
agent should let the underlying OS / antivirus check the copied text.

On Sat, Jun 13, 2015 at 2:56 AM James M. Greene <james.m.greene@gmail.com>
wrote:

> On Jun 11, 2015 2:02 PM, "Elliott Sprehn" <esprehn@chromium.org> wrote:
> >
> > I don't think the clipboard should forbid inserting image data, there's
> so many ways to compromise desktop software. ex. pasting text/html into
> Mail.app might even do it. This API shouldn't be trying to prevent that.
>
> +1, thank you!
>
> ~~James
>

Received on Saturday, 13 June 2015 02:30:52 UTC