On 20/04/15 22:11, Hallvord Reiar Michaelsen Steen wrote:
> Would it be a possible compromise to let a script describe data as
> RTF, and then put said data on the clipboard with the OS's correct RTF
> data type labelling? And vice versa, if the script asks for RTF give
> it any RTF contents from the clipboard as raw (binary) data? Products
> and environments that desperately need clipboard RTF support could
> then implement their own parsers and converters in JS and write/read
> RTF - the rest of us avoid some browser bloat.. Is this level of
> "support" reasonable?
Is there any security consideration that we should be aware of here?
(e.g. embedded content)
If not, then I think there's no issue accepting this way.
If yes, then I guess there should be some sanitization process happening
since otherwise untrusted web-pages could insert in the clipboard
RTF-content that would reference external stuff that would be fetched
when pasted in.


Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to