Closed
Bug 1689835
Opened 3 years ago
Closed 3 years ago
clipboard.write: Sanitize HTML
Categories
(Core :: DOM: Copy & Paste and Drag & Drop, task)
Core
DOM: Copy & Paste and Drag & Drop
Tracking
()
RESOLVED
FIXED
90 Branch
Tracking | Status | |
---|---|---|
firefox90 | --- | fixed |
People
(Reporter: evilpie, Assigned: evilpie)
References
Details
Attachments
(2 files)
We probably need to that for SVG as well. PNG images we already decode, so I think they are technically sanitized.
Webkit describes their sanitation process here: https://webkit.org/blog/10855/async-clipboard-api/.
Updated•3 years ago
|
Severity: -- → S3
Updated•3 years ago
|
Severity: S3 → N/A
Assignee | ||
Comment 1•3 years ago
|
||
Adding SVG sanitization would require a fair bit of new code. Disable
this for now, considering that Chrome doesn't seem to be shipping this.
Updated•3 years ago
|
Assignee: nobody → evilpies
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•3 years ago
|
||
Depends on D110041
Assignee | ||
Updated•3 years ago
|
Component: DOM: Core & HTML → DOM: Copy & Paste and Drag & Drop
Pushed by evilpies@gmail.com: https://hg.mozilla.org/integration/autoland/rev/2ffd7c73377a Clipboard.write: Disable SVG support. r=nika https://hg.mozilla.org/integration/autoland/rev/413d7137661b clipboard.write: Sanitize HTML. r=nika
Comment 4•3 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/2ffd7c73377a
https://hg.mozilla.org/mozilla-central/rev/413d7137661b
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox90:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•