Open Bug 1464725 Opened 7 years ago Updated 3 years ago

Don't copy HTML <img> data when using "Copy Image"

Categories

(Core :: DOM: Core & HTML, enhancement, P3)

Product:
Core
Component:
DOM: Core & HTML
Version:
61 Branch
Type:
enhancement

Tracking

()

People

(Reporter: mozilla, Unassigned)

Details

Using the "Copy Image" function should only copy the image bitmap data to the clipboard. It currently also copies the complete <img> tag including the src and any other attributes, which might contain sensitive data. This data can be read by other applications or websites when pasted, which the user probably does not want nor expect. In some cases, even the image URL might be something the user does not want to "leak" to a third party. If there are usability reasons for including an HTML <img> tag in the clipboard, I suggest creating a new <img> tag with (exclusively) a "data:image/png;base64" source.
To reproduce this, you can copy an image in Firefox and paste it into an Element with contenteditable=true.
I tested this on latest Nightly and it is reproducible. Image copying includes the source information as well. However, this is also reproducible in other browsers like google chrome. Is this an enhancement(or a feature request) or an issue with Firefox browser? Thanks My Test environments: Test page: data:text/html,<div contenteditable="true">paste here </div> Browser: Version 62.0a1 Build ID 20180531101452 Update Channel nightly User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Flags: needinfo?(mozilla)
In my opinion it's a privacy issue that needs to be fixed. The source URL is something that the user possibly doesn't want to paste. To give a concrete example, a user might copy an image from their workplace related domain and paste it somewhere else without accidentally disclosing their employer. But other attributes also come into play. They might reveal the user-id, username, or other personally identifying information of the user copying the image. A user copying an image of their friend's cat might not be aware the alt tag includes their friend's name, which they don't intent to copy/paste as well. In general, "copy image" should not copy ANY information invisible to the user. It should only copy the pixels and nothing else.
Flags: needinfo?(mozilla)
I guess this belongs in Core :: DOM & HTML? Hey nika, you worked on Clipboard-y things (and I believe your intern is also doing Clipboard-y things)... do you happen to know what the expected behaviour is here?
Component: Untriaged → DOM: Core & HTML
Flags: needinfo?(nika)
Product: Firefox → Core
Opinions vary from person to person and case to case, some might find copying direct <img> attributes undesirable in some cases while others might find it helpful in some cases. So I wonder if we could add some pref that switches on/off conversion of <img> data to base64 data, and defaults it to true(Since direct <img> attributes are in general not something the user would like to paste).
Copy Image is (IIRC) not a standardized thing. I think it's doing the "right" thing currently, but it may not be the most desirable result. I'd be fine with changing the behaviour to synthesize a data URI and image tag for this situation if everyone agrees it's the more desirable situation.
Flags: needinfo?(nika)
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.