Hallvord -- That behavior is really all I wanted, i.e. "don't let the browser discard/ignore valid RTF clipboard data".
I would also echo Paul's thoughts: this sounds good but is there any OS/browser-level sanitization process necessary? I would be curious to hear from Ben if Microsoft already has such things in place for IE. Sincerely, James Greene On Mon, Apr 20, 2015 at 3:26 PM, Paul Libbrecht <p...@hoplahup.net> wrote: > > > On 20/04/15 22:11, Hallvord Reiar Michaelsen Steen wrote: > > Would it be a possible compromise to let a script describe data as > > RTF, and then put said data on the clipboard with the OS's correct RTF > > data type labelling? And vice versa, if the script asks for RTF give > > it any RTF contents from the clipboard as raw (binary) data? Products > > and environments that desperately need clipboard RTF support could > > then implement their own parsers and converters in JS and write/read > > RTF - the rest of us avoid some browser bloat.. Is this level of > > "support" reasonable? > Is there any security consideration that we should be aware of here? > (e.g. embedded content) > If not, then I think there's no issue accepting this way. > If yes, then I guess there should be some sanitization process happening > since otherwise untrusted web-pages could insert in the clipboard > RTF-content that would reference external stuff that would be fetched > when pasted in. > > paul > >