On 9/06/15 23:08, Daniel Cheng wrote: > > So the solution is to require that browsers that make known > media-types in the clipboard actually parse it for its value? That > sounds doable (and probably even useful: e.g. put other picture > flavours in case of a pictures). > > I don't think I understand what this means. Since the browser is what would act on behalf of JS when putting a given data into the clipboard, it could check that this data is well formed and maybe matches the patterns of known exploits.
paul
signature.asc
Description: OpenPGP digital signature
