[Spice-devel] [RFC 0/8] Clipboard - using MIME types
Victor Toso
victortoso at redhat.com
Tue Jun 5 10:05:40 UTC 2018
Hi,
On Tue, Jun 05, 2018 at 05:55:44AM -0400, Frediano Ziglio wrote:
> > Hi,
> >
> > these patches introduce support for transferring arbitrary
> > type of clipboard data between spice-gtk client and linux
> > vdagent.
> >
> > At the moment, VDAgentClipboard* messages are used to
> > exchange data. These messages use spice-defined identifiers
> > to describe the type of data (such as
> > VD_AGENT_CLIPBOARD_UTF8_TEXT, VD_AGENT_CLIPBOARD_IMAGE_PNG,
> > ...) and hence the number of formats, in which data can be
> > transferred, is limited (see atom2agent[] in clipboard.c in
> > spice-vdagent).
> >
> > This series would intorduce new VDAgentSelection* messages
> > which use MIME types to identify the format of the data.
> >
> > Related: https://bugzilla.redhat.com/show_bug.cgi?id=1381906
> >
> > Cheers,
> > Jakub
> >
>
> What worry me more of this series is security and
> compatibility. Beside code containing multiple integer
> overflows leading to possible buffer overflows I more worried
> by the design.
> Previously formats where fixed so more in control.
I think that spice clients should try to behave in similar way to
other desktop applications. Having a fixed subset is more control
but not too great user experience.
> What happens if you paste a rich text in HTML format containing
> javascript code for instance?
Maybe for some bothersome types we could have them blacklisted
(instead of whitelisting)
> I remember when HTML e-mail were introduced and basically we had
> security patches for years. This series is very similar. Did you
> try to break something or did you just assume nobody will try to
> break stuff?
> The other is compatibility. If you copy from Linux to Linux maybe
> will success but what happens if you try to copy rich text for
> instance from Windows to Linux or vice versa?
>
> Frediano
Cheers,
toso
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/spice-devel/attachments/20180605/8f0ddb37/attachment.sig>
More information about the Spice-devel
mailing list