Read unsanitized PNGs from the system clipboard. This will apply to both DataTransfer and the Async Clipboard API (navigator.clipboard.read()).
This change will put us in line with other browser vendors.
This change is a net win for security on Android, since we will no longer be using an unsafe bitmap decoder.
N/A
Contact emails
LGTM1 with caveats: Thanks!
- this sanitization behavior was previously discussed with the TAG, and not updating them on it is a mistake. Please file a non-blocking FYI with them
- the explainer was less clear than the bug, requiring the OWNERs to read all the linked threads in detail. Ideally, an Explainer should clarify what is changing, why, and who it helps.
- Please post explainers as GH markdown files rather than google docs
On Friday, August 6, 2021 at 10:47:04 AM UTC-7 Austin Sullivan wrote:
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/244c6375-b991-4015-89ba-954295062d68n%40chromium.org.