Ryosuke Niwa Software Engineer Google Inc.
On Tue, May 17, 2011 at 10:48 AM, Paul Libbrecht <p...@hoplahup.net> wrote: > > This was certainly at least copied in plain-text as well, or? >> The risk is here today then already, correct? (even with traditional forms >> and a quick onchange that makes it invisible). >> > > It is not because Chromium specifically clears the plain text type if it > detects a file drag. > > > So file-flavour is something special that should be always filtered?? > (in DnD or in CnP), which should be warned against in the spec? > > Ryosuke, can you confirm this is the only risk you were talking about? > No. There are some applications that embed sensitive information such as local file path and user name inside a content put into clipboard without notifying the user. As far as I'm concerned, giving websites access to such information is not acceptable. - Ryosuke