(cross-posting to member-math and public-webapps, sorry if this bothers)
Interesting, meeting really helped,Yesterday, discussion with Chris Wilson and Adrian Bateman, of MSIE team, revealed that allowing arbitrary flavours would be a big security hole for Windows at least (I believe this is Windows only but can't confirm yet).
So it seems the list of safe encodings is something that would need to be worked out. A safer approach may be to require that the browsers make sure the things sipped into the clipboard/drag-content are only safe things.
Safe things include html without scripts, all picture formats (postscript as well?) and most media, but not html with scripts, not windows metafiles, not OLE or MS-office documents.
Adrian indicated method to convert html to safe-html seem to be there in MSIE 8 already. Sanitization is probably the right term here.
paul Le 22-oct.-08 à 17:02, Ian Hickson a écrit :
On Wed, 22 Oct 2008, Charles McCathieNevile wrote:Sorry, I missed this - I was otherwise occupied at lunch (I am here, BTW). Having hopefully pretty much shifted Progress Events off my plate, Ihope to move back to the clipboard API stuff now - and the HTML5 draftis indeed an important reference...Ian, how stable do you think this bit of the HTML5 spec is? (I haven'tlooked yet...)Drag and drop is very stable, it's implemented in three browsers now. There's some outstanding feedback, but not much. The implementation ofcopy and paste in terms of drag and drop (a design motivated primarily by accessibility and security concerns) is not widely implemented, though Ihave no pending feedback regarding changes to that. --Ian Hickson U+1047E ) \._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _ \ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'-- (,_..'`-.;.'
smime.p7s
Description: S/MIME cryptographic signature
