
Re: Safe copy and paste with scripts

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 28 Feb 2006 15:42:43 -0800
Message-Id: <5314B6C3-BD8A-4125-9F29-FCC8589A14FE@apple.com>
Cc: paul@activemath.org, Web APIs WG <public-webapi@w3.org>
To: Jonas Sicking <jonas@sicking.cc>


On Feb 28, 2006, at 3:15 PM, Jonas Sicking wrote:

> Maciej Stachowiak wrote:
>> I thought about this some more. I think the select event,  
>> implemented by IE, Mozilla and Safari already would let content  
>> authors completely prevent copying text out of the page by  
>> preventing selection. But I don't know of any examples of it being  
>> used this way.
>> So (a) the cat is out of the bag and (b) in practice content  
>> authors don't seem that keen on entirely preventing users from  
>> copying text.
>
> Yeah, I thought about this too. You could probably also call .blur()
> every time a node got focus.
>
> And we even have a CSS property in mozilla that is supposed to give  
> control over selection. However it currently is buggy enough that  
> it actually doesn't prevent copying.

I think if selection control is provided to all sites then

> But I think that it's only a matter of time until these things are  
> abused.

I'm not so sure. The things sites usually want to do that are  
contrary to user interests (short of actual security exploits) are  
display of highly non-ignorable advertising and preventing users from  
seeing the source to the site. I don't think sites usually want to  
keep you from copying the visible text. They want you to be able to  
quote the site in an email or chat message, etc. Plus you can always  
add a special copy command that bypasses the event if it does get  
abused (something that's harder to do for the existing selection  
control).

> At the same time I do realize that this stuff could be useful. I've  
> long wanted to add some capability to mozilla/firefox so that a  
> site can be flagged as "I don't trust this site not to hack my  
> computer, but I do trust it not to annoy me" which would allow  
> stuff like chrome-less windows, pop-ups, resize windows, change  
> statusbar and stuff like that.
>
> Such a site would of course get access to clipboard things too.

I don't really think this is required for clipboard access. It's not  
applied to selection control, which is equally if not more abusable.  
And these things are implemented in IE already, and I do not believe  
they are frequently abused there.

Regards,
Maciej
Received on Tuesday, 28 February 2006 23:42:56 GMT
