Currently, reading PNGs from the system clipboard involves sanitizing the image by stripping its metadata. There is a strong argument that images from the system clipboard should not be sanitized on read, and this behavior is inconsistent with other major browser vendors and other forms of importing images, such as <input type="file">. See https://crbug.com/1177229
for further explanation.
Additionally, this significantly reduces the cost of pasting images from the clipboard in the vast majority of use cases (14x speed-up reading very large PNGs in limited testing).
TAG review statusNot applicable
Interoperability and Compatibility
This change will put us in line with other browser vendors.Gecko
: Shipped/ShippingWeb developers
: Strongly positive (https://crbug.com/698793
This change is a net win for security on Android, since we will no longer be using an unsafe bitmap decoder.
Requires code in //chrome?False
Link to entry on the Chrome Platform Statushttps://chromestatus.com/feature/5629962485760000