[Webkit-unassigned] [Bug 124391] text/rtf clipboard data is empty (makes TinyMCE and textbox.io require Flash)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 26 19:47:30 PST 2017
https://bugs.webkit.org/show_bug.cgi?id=124391
--- Comment #10 from Ryosuke Niwa <rniwa at webkit.org> ---
The issue here is that:
1. It can leak private data embedded in RTF from third party applications
2. IT can leak cross-origin content if the user had copied a range of content across an cross-origin iframe.
We need to solve both of these problems in order to enable this feature.
For 1, we probably need to paste RTF content into a document ourself, and then re-generate RTF out of the said document. For 2, we probably need to stop copying contents across an cross-origin iframe.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170127/2a92fd4d/attachment.html>
More information about the webkit-unassigned
mailing list