Copy & Paste XSS using OpenOffice / LibreOffice

Copy & pasting content from an ODT into a browser window can be dangerous.
A malicious ODT might contain invisible payload that will unfold upon being pasted into an editable area.
Wanna try? The following steps are necessary for a successful repro:

• Open the ODT file linked below (OpenOffice, LibreOffice)
• Copy the string "Hello"
• Paste it into an RTE or the editable area below
• Click the resulting red thing (Works in FF, Chrome, Opera, Safari, etc.)

• Here's the ODT we are using!
• The styles.xml used in the ODT
• » Paste me here! «

Mitigation: Try to avoid using the Internet in general.
Or sanitize the RTE's content after the onpaste-event was fired.
DOMPurify is a great tool for doing that :)