On Mon, 05 Sep 2011 10:44:13 +0200, Anne van Kesteren <[email protected]>
wrote:
On Sun, 04 Sep 2011 23:47:08 +0200, Hallvord R. M. Steen
<[email protected]> wrote:
Also, scripts shouldn't be able to call clearData() during copy/cut
events, correct?
Why not? Is it useful in any other context?
It can be abused to prevent copy and paste from a site. But maybe there
are other ways for that too.
Pretty much everything in this spec can be abused to cause nuisance.
For "10. Cross-origin copy/paste of source code", we might also want
to consider stripping elements that can refer to external URLs such as
link, meta, base, etc...
Those will typically be in the HEAD and not usually part of a pasted
fragment. We certainly don't want to remove A tags or their HREFs, so
I'm not sure why we'd want to remove e.g. LINK.
Depending on the type of <link> it can fetch its resource automatically.
As in <LINK rel=prefetch> and <LINK rel=stylesheet>?
--
Hallvord R. M. Steen, Core Tester, Opera Software
http://www.opera.com http://my.opera.com/hallvors/
