[Spice-devel] [RFC 0/8] Clipboard - using MIME types
Frediano Ziglio
fziglio at redhat.com
Tue Jun 5 09:55:44 UTC 2018
>
> Hi,
>
> these patches introduce support for transferring arbitrary type of clipboard
> data between spice-gtk client and linux vdagent.
>
> At the moment, VDAgentClipboard* messages are used to exchange data. These
> messages use spice-defined identifiers to describe the type of data (such as
> VD_AGENT_CLIPBOARD_UTF8_TEXT, VD_AGENT_CLIPBOARD_IMAGE_PNG, ...) and hence
> the number of formats, in which data can be transferred, is limited (see
> atom2agent[] in clipboard.c in spice-vdagent).
>
> This series would intorduce new VDAgentSelection* messages which use MIME
> types to identify the format of the data.
>
> Related: https://bugzilla.redhat.com/show_bug.cgi?id=1381906
>
> Cheers,
> Jakub
>
What worry me more of this series is security and compatibility.
Beside code containing multiple integer overflows leading to possible
buffer overflows I more worried by the design.
Previously formats where fixed so more in control.
What happens if you paste a rich text in HTML format containing
javascript code for instance?
I remember when HTML e-mail were introduced and basically we had
security patches for years. This series is very similar. Did you
try to break something or did you just assume nobody will try to
break stuff?
The other is compatibility. If you copy from Linux to Linux maybe
will success but what happens if you try to copy rich text for
instance from Windows to Linux or vice versa?
Frediano
More information about the Spice-devel
mailing list