Subj : Re: midas, execCommand, cut, copy & paste To : netscape.public.mozilla.jseng,netscape.public.mozilla.xpcom From : Fredrik de Vibe Date : Fri Apr 18 2003 03:48 am David Bradley writes: > Fredrik de Vibe wrote: > > for it's 'own' site. I also fail to see the potential security issues > > wrt this, so if somebody would enlighten me here as well, I'd be > > grateful. > > It would allow a web page to transmit the contents of the clipboard > back. Now imagine you had a credit card number, ss #, or other > sensitive information in the clipboard. You don't want web sites > having access to any local data, including the clipboard, without the > user's knowledge. Fair enough, I see the problem (though as Igor pointed out, I'm not too sure that I like the fact that this behaviour doesn't apply to mozilla.org by default without any notice). Nevertheless, while in the spec only paste is listed as disabled due to security issues, neither cut nor copy is (i.e. listed as diabled). It appears to me the security issues don't apply to these functions but they are still casting the same exception indicating they too are disabled for the same reason (1.4a), that sounds to me like either something missing from the spec or a bug. -- --Fredrik "Just once, I wish we would encounter an alien menace that wasn't immune to bullets" -- The Brigader, "Dr. Who" .