- From: Travis Leithead <notifications@github.com>
- Date: Tue, 24 Apr 2018 07:24:29 -0700
- To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 24 April 2018 14:24:53 UTC
I'm wondering why this has to be based on a *generic* user gesture... yes, you want to prevent drive-by clipboard access, but the platform already has a semantic-event that fires when the user is actually requesting the clipboard contents be copied and/or pasted: the `copy` and `paste` events! These seem like the ideal "user gesture", and it would be fairly straightforward to limit use of the clipboard API only to the time that these events are being dispatched. (If there is too much baggage attached to these legacy events, then mint new ones for clipboard access--I'll use those in the example.)
The UA would have code like this (Javascript for clarity):
```js
let clipboardWriteAccess = false;
function implementationOfClipboardWrite( data ) {
if (!clipboardWriteAccess) {
return Promise.reject("reason");
}
// Take the data and put it on the clipboard.
}
function onUACopyMenuOrKeyboardShortcutActivated() {
clipboardWriteAccess = true; // during this window, the clipboard.write* APIs will work...
navigator.clipboard.dispatchEvent( new Event("copyrequest") );
clipboardWriteAccess = false;
}
```
Similar code could protect clipboard reads.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/52#issuecomment-383951308
Received on Tuesday, 24 April 2018 14:24:53 UTC