W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2015

Re: Clipboard API: remove dangerous formats from mandatory data types

From: Hallvord Reiar Michaelsen Steen <hsteen@mozilla.com>
Date: Sat, 13 Jun 2015 12:57:20 +0200
Message-ID: <CAE3JC2w5CwbUAdPv9+Kjf9fWFmYDJLZ+y8o2=5TjzspLQbVNow@mail.gmail.com>
To: Wez <wez@google.com>
Cc: Daniel Cheng <dcheng@google.com>, public-webapps <public-webapps@w3.org>
On Thu, Jun 11, 2015 at 7:51 PM, Wez <wez@google.com> wrote:

> Hallvord,
>
> The proposal isn't to remove support for copying/pasting images, but to
> restrict web content from placing compressed image data in one of these
> formats on the clipboard directly - there's no issue with content pasting
> raw pixels from a canvas, for example, since scope for abusing that to
> compromise the recipient is extremely limited by comparison to JPEG, PNG or
> GIF.
>

Well, but as far as I can tell we don't currently *have* a way JS can place
pixels from a canvas on the clipboard (except by putting a piece of data
labelled as image/png or similar there). So if you're pushing back against
the idea that JS can place random data on the clipboard and label it
image/png, how exactly would you propose JS-triggered copy of image data to
work? Say, from a CANVAS-based image editor?
-Hallvord
Received on Saturday, 13 June 2015 10:57:48 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:31 UTC