Bugtraq mailing list archives
Re: [#1298868584] Copy&paste from web browser considered dangerous
From: "Google Security" <security () google com>
Date: Thu, 06 Jun 2013 20:11:03 -0000
Hi Pavel,

Since Chrome is based on Chromium (an open source project), please file the report directly in their bug tracker: http://crbug.com

This provides a number of benefits:

- You get direct access to the same developers that will triage and fix the issue; and
- Once it's fixed, the bug will be made public (though if you use the "Security Bug" template, the bug will be restricted to a small group of security engineers until this occurs).

Regards,
The Google Team

Original Message Follows:
------------------------
From: Pavel Machek <pavel () ucw cz>
Subject: Copy&paste from web browser considered dangerous
Date: Sat, 1 Jun 2013 15:46:00 +0200

Hi!

Apparently this is known for years, but... there are many legitimate websites that expect you to copy&paste into terminal, but it is very easy to paste something you did not want to.

Demo is at http://thejh.net/misc/website-terminal-copy-paste

I believe it is a bug in the web browser: if text was invisible on the page, it should not go to the buffer. Javascript should not be able to play tricks with that. Or alternatively, if text on screen differs from text going to copy-paste buffer, warning with new text should be displayed.

(security@google cc-ed, at least chromium on debian 6 is affected).

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
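The check proposed in the quoted message (warn when the text going to the copy-paste buffer differs from the text shown on screen), sketched as an added example that is not part of the original thread or of any browser's code. The names `auditPaste`, `shown` and `copied` are hypothetical, and the sample strings are constructed for illustration, not taken from the linked demo.

```javascript
// Added example: audit text before it is pasted into a terminal.
// visibleText   = what the user saw and selected on the page
// clipboardText = what actually landed in the copy-paste buffer

// Collapse whitespace so harmless layout differences are not reported.
function normalize(s) {
  return s.replace(/\s+/g, " ").trim();
}

function auditPaste(visibleText, clipboardText) {
  const reasons = [];
  if (normalize(visibleText) !== normalize(clipboardText)) {
    reasons.push("clipboard text differs from displayed text");
  }
  // A line break before the end makes a shell run the first line
  // the moment the text is pasted, before the user can review it.
  if (/[\r\n]/.test(clipboardText.replace(/[\r\n]+$/, ""))) {
    reasons.push("embedded line break");
  }
  // Control characters other than TAB, LF and CR (ESC, for example)
  // have no visible form on the page.
  if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(clipboardText)) {
    reasons.push("control character");
  }
  return {
    safe: reasons.length === 0,
    reasons,
    // Escaped form of the buffer, suitable for the warning dialog.
    preview: JSON.stringify(clipboardText),
  };
}

// Constructed samples (not the content of the linked demo).
const shown = "git clone git://example.invalid/repo.git";
const copied =
  "git clone /dev/null; echo text-from-hidden-span\n" +
  "git clone git://example.invalid/repo.git";

for (const [label, text] of [["as displayed", shown + "\n"], ["with hidden span", copied]]) {
  const r = auditPaste(shown, text);
  console.log(label, r.safe ? "OK" : "WARN: " + r.reasons.join(", "), r.preview);
}
```
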