W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

From: João Eiras <joao.eiras@gmail.com>
Date: Thu, 19 May 2011 12:01:37 +0100
Message-ID: <BANLkTimTb4tqXWbYMG5dsAZfY1nHQjyvFQ@mail.gmail.com>
To: public-webapps@w3.org
On Thu, May 19, 2011 at 7:43 AM, Paul Libbrecht <paul@hoplahup.net> wrote:
>
> Le 19 mai 2011 à 02:11, João Eiras a écrit :
>
>> getData and setData must work outside clipboard events, like when clicking paste/copy/cut buttons on a toolbar. The clipboardData object needs to be exposed on the window, like in IE.
>
> I fully disagree here.
> This is exactly what has made the CnP API of MSIE a plague with a very bad press coverage.
>
> getData and setData can only be used within the event processing which must be triggered by the user-agent at a user-recognizable invocation of the copy/cut or paste command.
>
> That some browsers allow differently for "trusted sites" is ok to me but should not be an essential focus of this spec I find.

There are too many web apps with a "Copy this to clipboard" button,
like dropbox. If a proxy clipboard is implemented, as I explained,
then the privacy concerns are mostly handled.
Received on Thursday, 19 May 2011 11:02:44 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT