diff options
| author | fvogel <fvogelnew1@free.fr> | 2018-01-25 18:53:34 (GMT) |
|---|---|---|
| committer | fvogel <fvogelnew1@free.fr> | 2018-01-25 18:53:34 (GMT) |
| commit | dfaf0f6750758e9dce77363c8b09d6fdf5d5afe5 (patch) | |
| tree | cc6bf86e542d3481927f3b644a52c10c2d6bc093 /doc | |
| parent | a56b3731968c34b63e1c072ea734ae450e3af8f1 (diff) | |
| parent | 68eb99822a013490173f37a8442f0eb37e51bf51 (diff) | |
| download | tk-dfaf0f6750758e9dce77363c8b09d6fdf5d5afe5.zip tk-dfaf0f6750758e9dce77363c8b09d6fdf5d5afe5.tar.gz tk-dfaf0f6750758e9dce77363c8b09d6fdf5d5afe5.tar.bz2 | |
Fix [de156e9efe]: Safe Base interpreters must not write to the PRIMARY selection. Bugfix, doc upddate and new tests by Keith Nash.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/selection.n | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/selection.n b/doc/selection.n index f5bb660..ec678fa 100644 --- a/doc/selection.n +++ b/doc/selection.n @@ -140,6 +140,26 @@ If \fIcommand\fR is specified, it is a Tcl script to execute when some other window claims ownership of the selection away from \fIwindow\fR. \fISelection\fR defaults to PRIMARY. .RE +.SH WIDGET FACILITIES +.PP +The \fBtext\fR, \fBentry\fR, \fBttk::entry\fR, \fBlistbox\fR, \fBspinbox\fR and \fBttk::spinbox\fR widgets have the option \fB\-exportselection\fR. If a widget has this option set to boolean \fBtrue\fR, then (in an unsafe interpreter) a selection made in the widget is automatically written to the \fBPRIMARY\fR selection. +.PP +A GUI event, for example \fB<<PasteSelection>>\fR, can copy the \fBPRIMARY\fR selection to certain widgets. This copy is implemented by a widget binding to the event. The binding script makes appropriate calls to the \fBselection\fR command. +.PP +.SH PORTABILITY ISSUES +.PP +On X11, the \fBPRIMARY\fR selection is a system-wide feature of the X server, allowing communication between different processes that are X11 clients. +.PP +On Windows, the \fBPRIMARY\fR selection is not provided by the system, but only by Tk, and so it is shared only between windows of a master interpreter and its unsafe slave interpreters. It is not shared between interpreters in different processes or different threads. Each master interpreter has a separate \fBPRIMARY\fR selection that is shared only with its unsafe slaves. +.PP +.SH SECURITY +.PP +A safe interpreter cannot read from the \fBPRIMARY\fR selection because its \fBselection\fR command is hidden. For this reason the \fBPRIMARY\fR selection cannot be written to the Tk widgets of a safe interpreter. +.PP +A Tk widget can have its option \fB\-exportselection\fR set to boolean \fBtrue\fR, but in a safe interpreter this option has no effect: writing from the widget to the \fBPRIMARY\fR selection is disabled. +.PP +These are security features. A safe interpreter may run untrusted code, and it is a security risk if this untrusted code can read or write the \fBPRIMARY\fR selection used by other interpreters. +.PP .SH EXAMPLES .PP On X11 platforms, one of the standard selections available is the |