[html5] r6986 - [giow] (1) Mention that UAs should whitelist filter drag-and-drop content to pre [...]

whatwg at whatwg.org whatwg at whatwg.org
Thu Feb 9 16:24:32 PST 2012


Author: ianh
Date: 2012-02-09 16:24:30 -0800 (Thu, 09 Feb 2012)
New Revision: 6986

Modified:
   complete.html
   index
   source
Log:
[giow] (1) Mention that UAs should whitelist filter drag-and-drop content to prevent XSS attacks.
Affected topics: HTML, Security

Modified: complete.html
===================================================================
--- complete.html	2012-02-09 23:13:01 UTC (rev 6985)
+++ complete.html	2012-02-10 00:24:30 UTC (rev 6986)
@@ -240,7 +240,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard — Last Updated 9 February 2012</h2>
+    <h2 class="no-num no-toc">Living Standard — Last Updated 10 February 2012</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -74331,7 +74331,25 @@
   data to be dragged from sensitive sources and dropped into hostile
   documents without the user's consent.</p>
 
+  <p>User agents should filter potentially active (scripted) content
+  (e.g. HTML) when it is dragged and when it is dropped, using a
+  whitelist of known-safe features. This specification does not
+  specify how this is performed.</p>
+
+  <div class=example>
+
+   <p>Consider a hostile page providing some content and gettuing the
+   user to select and drag and drop (or indeed, copy and paste) that
+   content to a victim page's <code title=attr-contenteditable><a href=#attr-contenteditable>contenteditable</a></code> region. If the
+   browser does not ensure that only safe content is dragged,
+   potentially unsafe content such as scripts and event handlers in
+   the selection, once dropped (or pasted) into the victim site, get
+   the privileges of the victim site. This would thus enable a
+   cross-site scripting attack.</p>
+
   </div>
+
+  </div>
 <!--REMOVE-TOPIC:Security-->
 
 
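Review bot: "gettuing" in the first line of the added example paragraph is a typo for "getting". The same misspelling appears in the index and source hunks of this revision, so it needs correcting in all three files.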

Modified: index
===================================================================
--- index	2012-02-09 23:13:01 UTC (rev 6985)
+++ index	2012-02-10 00:24:30 UTC (rev 6986)
@@ -240,7 +240,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard — Last Updated 9 February 2012</h2>
+    <h2 class="no-num no-toc">Living Standard — Last Updated 10 February 2012</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -74331,7 +74331,25 @@
   data to be dragged from sensitive sources and dropped into hostile
   documents without the user's consent.</p>
 
+  <p>User agents should filter potentially active (scripted) content
+  (e.g. HTML) when it is dragged and when it is dropped, using a
+  whitelist of known-safe features. This specification does not
+  specify how this is performed.</p>
+
+  <div class=example>
+
+   <p>Consider a hostile page providing some content and gettuing the
+   user to select and drag and drop (or indeed, copy and paste) that
+   content to a victim page's <code title=attr-contenteditable><a href=#attr-contenteditable>contenteditable</a></code> region. If the
+   browser does not ensure that only safe content is dragged,
+   potentially unsafe content such as scripts and event handlers in
+   the selection, once dropped (or pasted) into the victim site, get
+   the privileges of the victim site. This would thus enable a
+   cross-site scripting attack.</p>
+
   </div>
+
+  </div>
 <!--REMOVE-TOPIC:Security-->
 
 
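Review bot: the added "should" paragraph covers only content that is dragged and dropped, while the example under it says the same attack works through copy and paste ("or indeed, copy and paste", "dropped (or pasted)"). As written, a user agent that filters drag data but passes pasted HTML through unfiltered still follows the requirement and still leaves the contenteditable region exposed. Either extend the requirement sentence to pasted content or remove the paste parentheticals from the example so the two agree.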

Modified: source
===================================================================
--- source	2012-02-09 23:13:01 UTC (rev 6985)
+++ source	2012-02-10 00:24:30 UTC (rev 6986)
@@ -86941,7 +86941,26 @@
   data to be dragged from sensitive sources and dropped into hostile
   documents without the user's consent.</p>
 
+  <p>User agents should filter potentially active (scripted) content
+  (e.g. HTML) when it is dragged and when it is dropped, using a
+  whitelist of known-safe features. This specification does not
+  specify how this is performed.</p>
+
+  <div class="example">
+
+   <p>Consider a hostile page providing some content and gettuing the
+   user to select and drag and drop (or indeed, copy and paste) that
+   content to a victim page's <code
+   title="attr-contenteditable">contenteditable</code> region. If the
+   browser does not ensure that only safe content is dragged,
+   potentially unsafe content such as scripts and event handlers in
+   the selection, once dropped (or pasted) into the victim site, get
+   the privileges of the victim site. This would thus enable a
+   cross-site scripting attack.</p>
+
   </div>
+
+  </div>
 <!--REMOVE-TOPIC:Security-->
 
 
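Review bot: "This specification does not specify how this is performed" leaves "a whitelist of known-safe features" with nothing testable behind it, so two user agents can both follow the paragraph and filter different things. The example already names scripts and event handlers as the content that must not reach the victim site; consider saying in the requirement paragraph that those, at minimum, are never on the whitelist. The example's condition also mentions only the drag side ("only safe content is dragged") although the requirement asks for filtering on drop as well; "dragged or dropped" would match it.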



