On 17 May 2011, at 19:14, Daniel Cheng wrote:

> I actually did implement reading arbitrary types from the clipboard/drop at
> one point on Linux just to see how it'd work. When I copied a file in
> Nautilus, the full path to the file was available in several different
> flavors from the clipboard X selection. In order to prevent attacks of this
> sort, we'd have to determine the full set of types that file managers and
> other programs could potentially populate with file paths and then explicitly
> try to clean them of file paths. It's much easier to just go the other
> direction with a whitelist.

This was certainly at least copied in plain-text as well, or? The risk is here today then already, correct? (even with traditional forms and a quick onchange that makes it invisible).

paul