On 20/04/15 22:11, Hallvord Reiar Michaelsen Steen wrote: > Would it be a possible compromise to let a script describe data as > RTF, and then put said data on the clipboard with the OS's correct RTF > data type labelling? And vice versa, if the script asks for RTF give > it any RTF contents from the clipboard as raw (binary) data? Products > and environments that desperately need clipboard RTF support could > then implement their own parsers and converters in JS and write/read > RTF - the rest of us avoid some browser bloat.. Is this level of > "support" reasonable? Is there any security consideration that we should be aware of here? (e.g. embedded content) If not, then I think there's no issue accepting this way. If yes, then I guess there should be some sanitization process happening since otherwise untrusted web-pages could insert in the clipboard RTF-content that would reference external stuff that would be fetched when pasted in.
paul
signature.asc
Description: OpenPGP digital signature