Hi Daniel,

> I'm trying to make sure I correctly understand how the IE11 version of this
> works. From the sample
> (http://msdn.microsoft.com/en-us/library/ie/dn254935(v=vs.85).aspx), it looks
> like if a user pastes in some HTML that references local images, IE11
> automatically captures the referenced files into the clipboard. Then the page
> uses msConvertUrl() rewrites references to the src attributes in the
> text/html DataTransferItem to reference the blob URLs, right?

> Given that the drag data store is in "read only" mode at this point, it seems
> weird to allow mutations at this point.

My understanding was that "read only" was intended to keep sites from changing the system clipboard outside of cut/copy events. We don’t change the system clipboard, only the pasted html. Sites could easily change it right after the paste happens, so we're saving them a step.

> In addition, from a security perspective, what stops a malicious website from
> embedding something like <img src="file:///etc/passwd"
> style="display:none"></img> in the markup?

We disallow this on copy by stripping such references.