W3C home > Mailing lists > Public > public-webapi@w3.org > February 2006

Re: Safe copy and paste with scripts

From: Jonas Sicking <jonas@sicking.cc>
Date: Tue, 28 Feb 2006 13:53:23 -0800
Message-ID: <4404C653.7030702@sicking.cc>
To: Maciej Stachowiak <mjs@apple.com>
Cc: Web APIs WG <public-webapi@w3.org>

>>> I would like copy/paste integration to be on the agenda. I believe 
>>> these operations can be offered securely (and implemented in various 
>>> nonstandard ways by IE, Firefox and in some cases Safari):
>>> 1) copy
>>> 2) cut (in an editable context)
>>> 3) event on copy that lets you prevent the default action and 
>>> substitute other content
>>> 4) event on paste that lets you prevent the default action and 
>>> substitite other content
>>
>> An issue with 1-3 is that a site could stop the user from copying 
>> content off the site. We already see a similar thing happening where 
>> sites cancel the rightclick event to prevent users from doing "view 
>> source".
>>
>> A site could use the copy-event in 3 to always replace the copied 
>> contents with an empty string (or a string containing some copyright 
>> statement). Or the site could on every key-press and mouse-click 
>> cut/copy an empty string to the clipboard.
> 
> I think this is only an issue with #3 (unless you think sites will spin 
> in a loop doing a copy on an empty selection, I think this is unlikely). 

You only need to do it when a key event is fired (to stop ctrl-c) and
mousemove (to stop using the contextmenu). Or you can do it on a timer
every 3 seconds.

/ Jonas
Received on Tuesday, 28 February 2006 21:53:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:53 GMT