Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove support for UseLegacyDangerousClipboardDeserializationMode #1286

Merged
merged 4 commits into from
Jul 23, 2019
Merged

Remove support for UseLegacyDangerousClipboardDeserializationMode #1286

merged 4 commits into from
Jul 23, 2019

Conversation

vatsan-madhavan
Copy link
Member

Remove support for UseLegacyDangerousClipboardDeserializationMode and permanently disallow deserialization of dangerous types.

  • Removes support for AppContext flag UseLegacyDangerousClipboardDeserializationMode
  • Permanently limits clipboard-deserialziation to primitive non-text types only.

Fixes #1132

PS: Creating a WIP PR since this hasn't gone through enough testing yet.

@ghost ghost requested review from rladuca, ryalanms and stevenbrix July 16, 2019 20:14
@ghost ghost added the PR metadata: Label to tag PRs, to facilitate with triage label Jul 16, 2019
@ghost ghost requested a review from SamBent July 16, 2019 20:14
@vatsan-madhavan
Copy link
Member Author

/cc @miguep, would appreciate it if you could take a look at this.

@vatsan-madhavan vatsan-madhavan added this to the 3.0 milestone Jul 16, 2019
@vatsan-madhavan vatsan-madhavan self-assigned this Jul 16, 2019
@miguep
Copy link
Contributor

miguep commented Jul 18, 2019

This looks good to me aside from the comment in DataObject.cs

@vatsan-madhavan
Remove support for UseLegacyDangerousClipboardDeserializationMode a…
8698172 
…nd permanently disallow deserialization of dangerous types.

- Removes support for AppContext flag `UseLegacyDangerousClipboardDeserializationMode`
- Permanently limits clipboard-deserialziation to primitive non-text types only.

Fixes #1132
@vatsan-madhavan
Update comment
36ad5da
@vatsan-madhavan vatsan-madhavan force-pushed the dev/vatsan/clip-serialize-harden branch from 2a20881 to 36ad5da Compare July 19, 2019 01:49
@vatsan-madhavan vatsan-madhavan changed the title WIP: Remove support for UseLegacyDangerousClipboardDeserializationMode Remove support for UseLegacyDangerousClipboardDeserializationMode Jul 19, 2019
@vatsan-madhavan vatsan-madhavan merged commit a9b5c09 into master Jul 23, 2019
@vatsan-madhavan vatsan-madhavan deleted the dev/vatsan/clip-serialize-harden branch July 23, 2019 01:28
@grubioe grubioe mentioned this pull request Jul 29, 2019
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Apr 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@weltkante weltkante weltkante left review comments

@miguep miguep miguep left review comments

@rladuca rladuca rladuca approved these changes

@ryalanms ryalanms Awaiting requested review from ryalanms

@stevenbrix stevenbrix Awaiting requested review from stevenbrix

@SamBent SamBent Awaiting requested review from SamBent

Assignees

@vatsan-madhavan vatsan-madhavan

Labels
PR metadata: Label to tag PRs, to facilitate with triage
Projects
None yet
Milestone
3.0
Development

Successfully merging this pull request may close these issues.

Removing support for UseLegacyDangerousClipboardDeserializationMode and restrictDeserialization`
4 participants
@vatsan-madhavan @miguep @weltkante @rladuca