Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [#1298868584] Copy&paste from web browser considered dangerous
From: "Google Security" <security () google com>
Date: Thu, 06 Jun 2013 20:11:03 -0000

Hi Pavel,

Since Chrome is based on Chromium (an open source project), please file
the report directly in their bug tracker: http://crbug.com

The provides a number of benefits: 
- You get direct access to the same developers that will triage and fix
the issue; and 
- Once it's fixed, the bug will be made public (though if you use the
"Security Bug" template, the bug will be restricted to a small group of
security engineers until this occurs). 

Regards,

The Google Team



Original Message Follows:
------------------------
From: Pavel Machek <pavel () ucw cz>
Subject: Copy&paste from web browser considered dangerous
Date: Sat, 1 Jun 2013 15:46:00 +0200

Hi!

Apparently this is known for years, but... there are many legitimate
websites that expect you to copy&paste into terminal, but it is very
easy to paste something you did not want to. Demo is at

http://thejh.net/misc/website-terminal-copy-paste

I believe it is a bug in the web browser: if text was invisible on the
page, it should not go to the buffer. Javascript should not be able
play tricks with that.

Or alternatively, if text on screen differs from text going to
copy-paste buffer, warning with new text should be displayed. 

(security () google cc-ed, at least chromium on debian 6 is affected).
                                                                      Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html



  By Date           By Thread  

Current thread:
  • Re: [#1298868584] Copy&paste from web browser considered dangerous Google Security (Jun 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]