On Thu, Feb 2, 2012 at 10:20 PM, Charles Pritchard <ch...@jumis.com> wrote: > > Seems like a very minor risk for high security sites, e.g. banking, in > identifying form elements. > In the spirit of giving it some thought: >
But even for those websites, what could input / textarea elements can reveal more than what user sees? There are various XSS headers that signal enhanced security for websites, > even to browser extensions. > Perhaps some of them ought to be used in the "copy" mechanism. That way > the data never reaches the clipboard for paste. > That's also an option and may need to be spec'ed to some extent. - Ryosuke