Paul Libbrecht wrote: > Yesterday, discussion with Chris Wilson and Adrian Bateman, of MSIE > team, revealed that allowing arbitrary flavours would be a big > security hole for Windows at least (I believe this is Windows only but > can't confirm yet).
I wouldn't call it a security hole as much as I would call it "unbounded attack surface area". :) At any rate, it would be surface area for any OS that allowed arbitrary types on the clipboard; this isn't a Windows implementation issue. > A safer approach may be to require that the browsers make sure the > things sipped into the clipboard/drag-content are only safe things. That's the rub of my feedback, yes. -Chris