[Webkit-unassigned] [Bug 19893] event.(dataTransfer|clipboardData).getData('text/html') (onpaste, ondrop)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 17 01:27:14 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=19893





--- Comment #4 from Oliver Hunt <oliver at apple.com>  2010-03-17 01:27:14 PST ---
(From update of attachment 50877)
You need to test the effect of copy/pasting, say:
<div onload="alert(1)"></div>

I suspect the getData("text/html") query will currently produce a string that
contains the event handler which is _probably_ unsafe.

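Added example, not part of the original bug comment or of WebKit's code: a conservative scanner that a paste/drop test could run over the string returned by getData('text/html') to list any inline event-handler attributes that survived, such as the onload in the comment's test case. The name findInlineHandlers is hypothetical; it is a detector for test assertions and logging, not a sanitizer or a full HTML parser.

```javascript
// Added example (hypothetical helper, not WebKit code).
// Matches an opening tag: group 1 is the tag name, group 2 the raw attribute
// text. Quoted values are consumed whole so a '>' inside quotes does not end
// the tag early.
const TAG_RE = /<([a-zA-Z][^\s\/>]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
// Matches one attribute: group 1 is the name, group 2 the optional value
// (double-quoted, single-quoted, or unquoted).
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?/g;

// Returns [{ tag, attr, value }] for every attribute whose name starts with
// "on" (onload, onclick, onerror, ...). Deliberately conservative: any "on*"
// attribute name is reported, whether or not it is a known event.
function findInlineHandlers(html) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      const name = attr[1].toLowerCase();
      if (!name.startsWith('on')) continue;
      const raw = attr[2] || '';
      // Strip one pair of surrounding quotes, if present.
      const value = /^(["']).*\1$/.test(raw) ? raw.slice(1, -1) : raw;
      findings.push({ tag: tag[1].toLowerCase(), attr: name, value });
    }
  }
  return findings;
}

// In a browser, log what a paste actually hands to script. Skipped when no
// DOM is present (for example under Node).
if (typeof document !== 'undefined') {
  document.addEventListener('paste', (event) => {
    const html = event.clipboardData.getData('text/html');
    console.log(findInlineHandlers(html));
  });
}
```

A test for the behaviour discussed in the comment can assert that this function returns an empty list for the pasted data if handlers are expected to be stripped.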