Re: Clipboard API: remove dangerous formats from mandatory data types from Hallvord Reiar Michaelsen Steen on 2015-06-13 (public-webapps@w3.org from April to June 2015)

From: Hallvord Reiar Michaelsen Steen <hsteen@mozilla.com>
Date: Sat, 13 Jun 2015 10:40:37 +0200
To: Elliott Sprehn <esprehn@chromium.org>
Cc: Wez <wez@google.com>, Daniel Cheng <dcheng@google.com>, public-webapps <public-webapps@w3.org>
Message-ID: <CAE3JC2zpfM11-bCXZpbwxEYNLm1wUdmxZwMGLHo3DE9bStaOtw@mail.gmail.com>

On Thu, Jun 11, 2015 at 8:57 PM, Elliott Sprehn <esprehn@chromium.org>
wrote:

> I don't think the clipboard should forbid inserting image data, there's so
> many ways to compromise desktop software. ex. pasting text/html into
> Mail.app might even do it. This API shouldn't be trying to prevent that.
>

Well, the only *really* foolproof way to avoid software vulnerabilities is
not using a computer ;).
I'd still like to see concrete suggestions (like suggested algorithms or
clipboardData methods) that we might consider for a safer solution - if we
can come up with any.
-Hallvord

Received on Saturday, 13 June 2015 08:41:05 UTC