Bug 131767

Summary: Local files should not be allowed to read pasteboard data during drag
Product: WebKit
Component: WebCore Misc.
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Reporter: Alexey Proskuryakov <ap>
Assignee: Alexey Proskuryakov <ap>
CC: commit-queue, darin
Bug Depends on: 131770
Bug Blocks:
Attachment: proposed patch (Flags: none)

Description Alexey Proskuryakov 2014-04-16 15:12:54 PDT
As implemented in <http://trac.webkit.org/changeset/6840> for Dashboard, local files are allowed to read pasteboard data during drag, while normal documents can only do that during drop event handling.

Even local documents should not be allowed to sniff content simply dragged over them; they are not that trusted. I'm going to make this a Dashboard quirk instead.
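
The access rule described in the report above, as an added illustration that is not part of the original report and is not WebKit source code. It is a simplified model: the policy names `Readable` and `TypesReadable` are the ones quoted in the review further down, while every function, field and option name (`dragPolicyBefore`, `dragPolicyAfter`, `isLocalFile`, `dashboardQuirk`, `observe`) is hypothetical and the pasteboard content is constructed.

```javascript
// Added illustration: a simplified model, not WebKit source code.
// Policy names Readable / TypesReadable are the ones quoted in the review;
// every function and option name below is hypothetical.
const Policy = Object.freeze({ Readable: "Readable", TypesReadable: "TypesReadable" });

// Behaviour described in the report: any local file may read during drag.
function dragPolicyBefore(doc) {
  return doc.isLocalFile ? Policy.Readable : Policy.TypesReadable;
}

// Behaviour the report proposes: only the Dashboard quirk grants read access.
function dragPolicyAfter(doc) {
  return doc.dashboardQuirk ? Policy.Readable : Policy.TypesReadable;
}

// Minimal stand-in for the DataTransfer object handed to an event handler.
function makeDataTransfer(pasteboard, policy) {
  return {
    get types() { return Object.keys(pasteboard); },
    getData(type) {
      // Under TypesReadable the payload is withheld; only type names are visible.
      if (policy !== Policy.Readable) return "";
      return pasteboard[type] ?? "";
    },
  };
}

// What a handler in `doc` sees for a given event under a given drag policy.
function observe(doc, eventType, pasteboard, dragPolicy) {
  // Drop is always readable: the report says normal documents can read then.
  const policy = eventType === "drop" ? Policy.Readable : dragPolicy(doc);
  const dt = makeDataTransfer(pasteboard, policy);
  return { types: dt.types, text: dt.getData("text/plain") };
}

// Constructed sample data.
const pasteboard = { "text/plain": "constructed sample text" };
const localDoc = { isLocalFile: true, dashboardQuirk: false };
const widget = { isLocalFile: true, dashboardQuirk: true };

console.log(observe(localDoc, "dragover", pasteboard, dragPolicyBefore)); // payload visible
console.log(observe(localDoc, "dragover", pasteboard, dragPolicyAfter));  // payload withheld
console.log(observe(localDoc, "drop", pasteboard, dragPolicyAfter));      // payload visible
console.log(observe(widget, "dragover", pasteboard, dragPolicyAfter));    // quirk keeps old behaviour
```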
Comment 1 Alexey Proskuryakov 2014-04-25 12:43:14 PDT
Created attachment 230191 [details]
proposed patch
Comment 2 WebKit Commit Bot 2014-04-26 19:48:47 PDT
Comment on attachment 230191 [details]
proposed patch

Clearing flags on attachment: 230191

Committed r167850: <http://trac.webkit.org/changeset/167850>
Comment 3 WebKit Commit Bot 2014-04-26 19:48:50 PDT
All reviewed patches have been landed.  Closing bug.
Comment 4 Darin Adler 2014-04-27 10:23:23 PDT
Comment on attachment 230191 [details]
proposed patch

View in context: https://bugs.webkit.org/attachment.cgi?id=230191&action=review

> Source/WebCore/page/DragController.cpp:186
> +        DataTransferAccessPolicy::Readable : DataTransferAccessPolicy::TypesReadable;

Missing indentation here. I normally find that this:

    <long line>
        ? x : y;

Is more readable than:

    <long line> ?
        x : y;

But the code above is:

    <long line> ?
    x : y;