[Webkit-unassigned] [Bug 124391] text/rtf clipboard data is empty (makes TinyMCE and textbox.io require Flash)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 26 19:52:00 PST 2017
https://bugs.webkit.org/show_bug.cgi?id=124391
--- Comment #11 from Chris Dumez <cdumez at apple.com> ---
(In reply to comment #10)
> The issue here is that:
> 1. It can leak private data embedded in RTF from third party applications
> 2. IT can leak cross-origin content if the user had copied a range of
> content across an cross-origin iframe.
>
> We need to solve both of these problems in order to enable this feature.
>
> For 1, we probably need to paste RTF content into a document ourself, and
> then re-generate RTF out of the said document. For 2, we probably need to
> stop copying contents across an cross-origin iframe.
I am not sure I understand 1. I think it would be that third party app's responsibility to to put in the clipboard private data.
I understand 2. and it is the reason RTF was blacklisted in the first place as far as I can tell. I agree with your solution also it may be a little annoying to implement since AppKit does the RTF conversion for us.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170127/0c17acd8/attachment.html>
More information about the webkit-unassigned
mailing list