> > Hi, > > these patches introduce support for transferring arbitrary type of clipboard > data between spice-gtk client and linux vdagent. > > At the moment, VDAgentClipboard* messages are used to exchange data. These > messages use spice-defined identifiers to describe the type of data (such as > VD_AGENT_CLIPBOARD_UTF8_TEXT, VD_AGENT_CLIPBOARD_IMAGE_PNG, ...) and hence > the number of formats, in which data can be transferred, is limited (see > atom2agent[] in clipboard.c in spice-vdagent). > > This series would intorduce new VDAgentSelection* messages which use MIME > types to identify the format of the data. > > Related: https://bugzilla.redhat.com/show_bug.cgi?id=1381906 > > Cheers, > Jakub > What worry me more of this series is security and compatibility. Beside code containing multiple integer overflows leading to possible buffer overflows I more worried by the design. Previously formats where fixed so more in control. What happens if you paste a rich text in HTML format containing javascript code for instance? I remember when HTML e-mail were introduced and basically we had security patches for years. This series is very similar. Did you try to break something or did you just assume nobody will try to break stuff? The other is compatibility. If you copy from Linux to Linux maybe will success but what happens if you try to copy rich text for instance from Windows to Linux or vice versa? Frediano _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel