[Webkit-unassigned] [Bug 190864] New: Allow custom pasteboard data to be read across origins

Tue Oct 23 23:21:56 PDT 2018

https://bugs.webkit.org/show_bug.cgi?id=190864

            Bug ID: 190864
           Summary: Allow custom pasteboard data to be read across origins
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: wenson_hsieh at apple.com
                CC: wenson_hsieh at apple.com

Chrome doesn't apply the same cross-origin restrictions on custom pasteboard data types as WebKit. We should consider removing this restriction in WebKit.

At TPAC 2018, Johannes cited a use case of being able to copy and paste specially crafted markup across origins in rich text editors — for example, one could write markup to the pasteboard intended for Wordpress under a custom pasteboard type, which Wordpress would then respect and use when pasting.

This would also provide an avenue for web applications to send unsanitized image data to each other, cross origin, using an agreed-upon custom pasteboard type.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181024/a5d279da/attachment.html>