Folks: Collin Jackson is an expert on browser security. He looked into the question of whether malicious JavaScript running on a web page that you are viewing could read the contents of your Windows clipboard. If so, then such malicious JavaScript would be able to steal any capabilities that you were cutting and pasting. (Or, if you were using passwords instead of capabilities, such JavaScript would be able to steal any passwords that you cut and paste.)
However, it turns out that this has been fixed in IE7. Regards, Zooko Begin forwarded message: > From: "Collin Jackson" <[EMAIL PROTECTED]> > Date: November 8, 2008 12:55:02 PM MST > To: [EMAIL PROTECTED] > Subject: Disabling clipboard access in Internet Explorer > > Hi Zooko, > > I've been meaning to touch base with you on clipboard access in IE. > > My statements about clipboard access were based on IE6; it looks like > Microsoft has taken steps to address this issue in IE7 and now prompts > the user for clipboard access: > > http://msdn.microsoft.com/en-us/library/bb250473(VS.85).aspx > > Based on this, I don't think you need to worry too much about > clipboard snooping in IE7. If you want to provide instructions for IE6 > users, here they are: > > http://support.microsoft.com/kb/224993 > > Note that Flash Player allows sites to save information to the > clipboard (but not read it) without prompting. > > -- Collin Jackson _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
