
[giow] (1) Mention that UAs should whitelist filter drag-and-drop content to prevent XSS attacks.

Affected topics: HTML, Security

git-svn-id: http://svn.whatwg.org/webapps@6986 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Feb 10, 2012
1 parent 253c887 commit 18a3d3d
Showing 3 changed files with 57 additions and 2 deletions.
20 changes: 19 additions & 1 deletion complete.html
@@ -240,7 +240,7 @@

<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 9 February 2012</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 10 February 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -74331,6 +74331,24 @@ <h4 id=security-risks-in-the-drag-and-drop-model><span class=secno>8.6.9 </span>
data to be dragged from sensitive sources and dropped into hostile
documents without the user's consent.</p>

<p>User agents should filter potentially active (scripted) content
(e.g. HTML) when it is dragged and when it is dropped, using a
whitelist of known-safe features. This specification does not
specify how this is performed.</p>

<div class=example>

<p>Consider a hostile page providing some content and gettuing the
user to select and drag and drop (or indeed, copy and paste) that
content to a victim page's <code title=attr-contenteditable><a href=#attr-contenteditable>contenteditable</a></code> region. If the
browser does not ensure that only safe content is dragged,
potentially unsafe content such as scripts and event handlers in
the selection, once dropped (or pasted) into the victim site, get
the privileges of the victim site. This would thus enable a
cross-site scripting attack.</p>

</div>

</div>
<!--REMOVE-TOPIC:Security-->

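Review bot: "gettuing" in "Consider a hostile page providing some content and gettuing the" should be "getting". This hunk repeats the `source` hunk verbatim (with the markup minified), so the wording fix belongs in `source` and should be carried through to this file rather than patched here alone.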
20 changes: 19 additions & 1 deletion index
@@ -240,7 +240,7 @@

<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 9 February 2012</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 10 February 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -74331,6 +74331,24 @@ dictionary <dfn id=drageventinit>DragEventInit</dfn> : <a href=#mouseeventinit>M
data to be dragged from sensitive sources and dropped into hostile
documents without the user's consent.</p>

<p>User agents should filter potentially active (scripted) content
(e.g. HTML) when it is dragged and when it is dropped, using a
whitelist of known-safe features. This specification does not
specify how this is performed.</p>

<div class=example>

<p>Consider a hostile page providing some content and gettuing the
user to select and drag and drop (or indeed, copy and paste) that
content to a victim page's <code title=attr-contenteditable><a href=#attr-contenteditable>contenteditable</a></code> region. If the
browser does not ensure that only safe content is dragged,
potentially unsafe content such as scripts and event handlers in
the selection, once dropped (or pasted) into the victim site, get
the privileges of the victim site. This would thus enable a
cross-site scripting attack.</p>

</div>

</div>
<!--REMOVE-TOPIC:Security-->

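Review bot: "gettuing" in "Consider a hostile page providing some content and gettuing the" should be "getting". This hunk is the same text as the `source` hunk, so the fix should be made there and carried through to this file.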
19 changes: 19 additions & 0 deletions source
@@ -86941,6 +86941,25 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
data to be dragged from sensitive sources and dropped into hostile
documents without the user's consent.</p>

<p>User agents should filter potentially active (scripted) content
(e.g. HTML) when it is dragged and when it is dropped, using a
whitelist of known-safe features. This specification does not
specify how this is performed.</p>

<div class="example">

<p>Consider a hostile page providing some content and gettuing the
user to select and drag and drop (or indeed, copy and paste) that
content to a victim page's <code
title="attr-contenteditable">contenteditable</code> region. If the
browser does not ensure that only safe content is dragged,
potentially unsafe content such as scripts and event handlers in
the selection, once dropped (or pasted) into the victim site, get
the privileges of the victim site. This would thus enable a
cross-site scripting attack.</p>

</div>

</div>
<!--REMOVE-TOPIC:Security-->

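Review bot: in "User agents should filter potentially active (scripted) content (e.g. HTML) when it is dragged and when it is dropped", the drag-side filter gives no protection in the scenario the example describes, because the hostile page controls what it offers for dragging; the control that matters is the filter the receiving user agent applies when the content is inserted into the victim page's contenteditable region, and the paragraph should say so rather than presenting the two points as equivalent. The same confusion shows in the example's "If the browser does not ensure that only safe content is dragged", where the hazard is content being dropped or pasted; suggest "only safe content is inserted". The normative sentence also covers only drag and drop, while the example extends the attack to "copy and paste": either add paste to the requirement or state that the same filtering applies to pasted content. Typo: "gettuing" should be "getting".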
