Hi, On Tue, Jun 05, 2018 at 05:55:44AM -0400, Frediano Ziglio wrote: > > Hi, > > > > these patches introduce support for transferring arbitrary > > type of clipboard data between spice-gtk client and linux > > vdagent. > > > > At the moment, VDAgentClipboard* messages are used to > > exchange data. These messages use spice-defined identifiers > > to describe the type of data (such as > > VD_AGENT_CLIPBOARD_UTF8_TEXT, VD_AGENT_CLIPBOARD_IMAGE_PNG, > > ...) and hence the number of formats, in which data can be > > transferred, is limited (see atom2agent[] in clipboard.c in > > spice-vdagent). > > > > This series would intorduce new VDAgentSelection* messages > > which use MIME types to identify the format of the data. > > > > Related: https://bugzilla.redhat.com/show_bug.cgi?id=1381906 > > > > Cheers, > > Jakub > > > > What worry me more of this series is security and > compatibility. Beside code containing multiple integer > overflows leading to possible buffer overflows I more worried > by the design. > Previously formats where fixed so more in control. I think that spice clients should try to behave in similar way to other desktop applications. Having a fixed subset is more control but not too great user experience. > What happens if you paste a rich text in HTML format containing > javascript code for instance? Maybe for some bothersome types we could have them blacklisted (instead of whitelisting) > I remember when HTML e-mail were introduced and basically we had > security patches for years. This series is very similar. Did you > try to break something or did you just assume nobody will try to > break stuff? > The other is compatibility. If you copy from Linux to Linux maybe > will success but what happens if you try to copy rich text for > instance from Windows to Linux or vice versa? > > Frediano Cheers, toso
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel