[html5] r6986 - [giow] (1) Mention that UAs should whitelist filter drag-and-drop content to pre [...]
whatwg at whatwg.org
whatwg at whatwg.org
Thu Feb 9 16:24:32 PST 2012
Author: ianh
Date: 2012-02-09 16:24:30 -0800 (Thu, 09 Feb 2012)
New Revision: 6986
Modified:
complete.html
index
source
Log:
[giow] (1) Mention that UAs should whitelist filter drag-and-drop content to prevent XSS attacks.
Affected topics: HTML, Security
Modified: complete.html
===================================================================
--- complete.html 2012-02-09 23:13:01 UTC (rev 6985)
+++ complete.html 2012-02-10 00:24:30 UTC (rev 6986)
@@ -240,7 +240,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 9 February 2012</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 10 February 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -74331,7 +74331,25 @@
data to be dragged from sensitive sources and dropped into hostile
documents without the user's consent.</p>
+ <p>User agents should filter potentially active (scripted) content
+ (e.g. HTML) when it is dragged and when it is dropped, using a
+ whitelist of known-safe features. This specification does not
+ specify how this is performed.</p>
+
+ <div class=example>
+
+ <p>Consider a hostile page providing some content and gettuing the
+ user to select and drag and drop (or indeed, copy and paste) that
+ content to a victim page's <code title=attr-contenteditable><a href=#attr-contenteditable>contenteditable</a></code> region. If the
+ browser does not ensure that only safe content is dragged,
+ potentially unsafe content such as scripts and event handlers in
+ the selection, once dropped (or pasted) into the victim site, get
+ the privileges of the victim site. This would thus enable a
+ cross-site scripting attack.</p>
+
</div>
+
+ </div>
<!--REMOVE-TOPIC:Security-->
Modified: index
===================================================================
--- index 2012-02-09 23:13:01 UTC (rev 6985)
+++ index 2012-02-10 00:24:30 UTC (rev 6986)
@@ -240,7 +240,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 9 February 2012</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 10 February 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -74331,7 +74331,25 @@
data to be dragged from sensitive sources and dropped into hostile
documents without the user's consent.</p>
+ <p>User agents should filter potentially active (scripted) content
+ (e.g. HTML) when it is dragged and when it is dropped, using a
+ whitelist of known-safe features. This specification does not
+ specify how this is performed.</p>
+
+ <div class=example>
+
+ <p>Consider a hostile page providing some content and gettuing the
+ user to select and drag and drop (or indeed, copy and paste) that
+ content to a victim page's <code title=attr-contenteditable><a href=#attr-contenteditable>contenteditable</a></code> region. If the
+ browser does not ensure that only safe content is dragged,
+ potentially unsafe content such as scripts and event handlers in
+ the selection, once dropped (or pasted) into the victim site, get
+ the privileges of the victim site. This would thus enable a
+ cross-site scripting attack.</p>
+
</div>
+
+ </div>
<!--REMOVE-TOPIC:Security-->
Modified: source
===================================================================
--- source 2012-02-09 23:13:01 UTC (rev 6985)
+++ source 2012-02-10 00:24:30 UTC (rev 6986)
@@ -86941,7 +86941,26 @@
data to be dragged from sensitive sources and dropped into hostile
documents without the user's consent.</p>
+ <p>User agents should filter potentially active (scripted) content
+ (e.g. HTML) when it is dragged and when it is dropped, using a
+ whitelist of known-safe features. This specification does not
+ specify how this is performed.</p>
+
+ <div class="example">
+
+ <p>Consider a hostile page providing some content and gettuing the
+ user to select and drag and drop (or indeed, copy and paste) that
+ content to a victim page's <code
+ title="attr-contenteditable">contenteditable</code> region. If the
+ browser does not ensure that only safe content is dragged,
+ potentially unsafe content such as scripts and event handlers in
+ the selection, once dropped (or pasted) into the victim site, get
+ the privileges of the victim site. This would thus enable a
+ cross-site scripting attack.</p>
+
</div>
+
+ </div>
<!--REMOVE-TOPIC:Security-->
More information about the Commit-Watchers
mailing list