[Webkit-unassigned] [Bug 124391] text/rtf clipboard data is empty (makes TinyMCE and textbox.io require Flash)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 26 19:47:30 PST 2017


--- Comment #10 from Ryosuke Niwa <rniwa at webkit.org> ---
The issue here is that:
1. It can leak private data embedded in RTF from third party applications
2. IT can leak cross-origin content if the user had copied a range of content across an cross-origin iframe.

We need to solve both of these problems in order to enable this feature.

For 1, we probably need to paste RTF content into a document ourself, and then re-generate RTF out of the said document. For 2, we probably need to stop copying contents across an cross-origin iframe.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170127/2a92fd4d/attachment.html>

More information about the webkit-unassigned mailing list