#273 closed enhancement (fixed)
macos to handle more clipboard formats, converting them on the fly
| Reported by: | Antoine Martin | Owned by: | Antoine Martin |
|---|---|---|---|
| Priority: | minor | Milestone: | 4.1 |
| Component: | clipboard | Version: | |
| Keywords: | security | Cc: |
Description
At the moment, we simply drop these types of clipboard data:
if type in ("WINDOW", "PIXMAP", "BITMAP", "DRAWABLE", "PIXEL", "COLORMAP"):
debug("skipping clipboard data of type: %s, format=%s, len(data)=%s", dtype, dformat, len(data))
return None, None
We could try to handle some of those, and provide them in multiple formats since we generally have PIL available for converting between formats.
From a security POV, it probably makes sense to always convert formats so that we can "guarantee" that the data we send over the wire is not malicious?
Think: an application providing a JPEG based buffer overflow via the clipboard: worst case scenario is that the xpra server crashes parsing it or maybe it gets compromised, but the client machine will not receive the malicious content directly.
But then again, if you can exploit the server, you can then inject the bad content in there.. I guess it's still a first line of defense.
Change History (10)
comment:1 Changed 9 years ago by
| Milestone: | 0.9 → 1.0 |
|---|---|
| Status: | new → accepted |
comment:2 Changed 9 years ago by
comment:6 Changed 5 years ago by
| Milestone: | 1.0 → 3.0 |
|---|
comment:8 Changed 3 years ago by
| Milestone: | 3.0 → 4.0 |
|---|---|
| Status: | accepted → new |
comment:9 Changed 2 years ago by
| Component: | core → clipboard |
|---|---|
| Keywords: | clipboard removed |
| Milestone: | 4.0 → 4.1 |
| Status: | new → assigned |
For win32: #2619
comment:10 Changed 2 years ago by
| Summary: | handle more clipboard formats, converting them on the fly → macos to handle more clipboard formats, converting them on the fly |
|---|
html5 was done in #2312
This only leaves macos for this ticket. (summary updated)
Examples:
- pypi : pasteboard
- AppKit example - maybe using
NSTIFFPboardType? - example code:
def copyToPasteboard_(self, string): pasteboard = NSPasteboard.generalPasteboard() pasteboard.declareTypes_owner_([NSStringPboardType], self) pasteboard.setString_forType_(string, NSStringPboardType)
comment:11 Changed 2 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
MacOS clipboard updates:
- r26670 implements images support, for other data types: #2807.
- r26672 + r26678 + r26679 + r26685: debug logging improvements
- r26683 + r26688 handle more formats, honour "want-targets"
- r26684 use pillow if we need to convert the image
- r26689 fix sending images to the macos clipboard
Generic clipboard updates:
- r26680: simplify owner-changed handler
- r26681: don't wait to send lightweight clipboard tokens
- r26682: peers that request 'want-targets' need to be notified of owner changes as the targets are very likely to have changed with it
We should also sanitize images in both directions: #2808.
comment:12 Changed 17 months ago by
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/273
copyleft 2010 - 2021
Now that both OSX and win32 are using synchronous clipboard code (pretty much) and OSX is using at least some native call (see #318 for details)
It probably makes sense to use native libraries directly for accessing rich formats: