I'm just thinking out loud here, but this problem is similar to one
already faced by email clients, especially those which are web-based...
On Mon, 27 Jul 2015 15:03:40 -0400, Hallvord Reiar Michaelsen Steen
<hst...@mozilla.com> wrote:
On Tue, Jun 9, 2015 at 8:39 PM, Daniel Cheng <dch...@google.com> wrote:
Currently, the Clipboard API [1] mandates support for a number of
formats.
Unfortunately, we do not believe it is possible to safely support
writing a
number of formats to the clipboard:
- image/png
- image/jpg, image/jpeg
- image/gif
Hi Daniel,
I've been pondering this a bit and I think a first step is to split the
list of "mandatory data types" into two: one list for types you must
support reading from the clipboard, and one (smaller) for types you must
support writing to the clipboard. So PNG, JPG et al go in the "support
reading from clipboard" list, and the "support writing" starts out with
text/plain, text/html and text/uri-list - although it would be nice if
CSV was also considered safe enough.
I'm not sure you should directly read image formats from the clipboard,
especially if you don't know how they got there. You shouldn't write stuff
there that can be dangerous, but you really shouldn't read it direct. So
maybe what happens is that when stuff gets written, it goes through a
process like painting it onto a canvas, and then being scraped back off as
coloured pixels and "safe" metadata.
A use case for the latter is the fabled "embedded accessibility" that
could have made longdesc obsolete in 1997 - although the more likely use
case for most people is getting the right geospying in their photo stream,
and proving to the world that their camera clock flashes like a video
player from 1987.
So essentially we don't restrict what is in the clipboard, but we do put
restrictions on what we will take out, and if you want to be well-behaved
you would follow those restrictions before you put anything there. Can we
safely implement a clean/dirty flag similar to canvas, to help avoid
double-sanitizing? Is that worth worrying about?
It would also be good if we could come up with an API for safely writing
images to the clipboard. Just playing:
event.clipboardData.addImageFromCanvas(canvasElm, 'image/png')
Hot or not?
Safely DrawMeA(sheep) is certainly worth pondering. Is it more than
syntactic sugar?
cheers
--
Using Opera's mail client: http://www.opera.com/mail/
