W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

From: Daniel Cheng <dcheng@chromium.org>
Date: Thu, 19 May 2011 09:13:22 -0700
Message-ID: <BANLkTimh96vehsOKOqSfephtR_pFVFG90A@mail.gmail.com>
To: João Eiras <joao.eiras@gmail.com>
Cc: public-webapps@w3.org
On Thu, May 19, 2011 at 04:01, João Eiras <joao.eiras@gmail.com> wrote:

> On Thu, May 19, 2011 at 7:43 AM, Paul Libbrecht <paul@hoplahup.net> wrote:
> >
> > Le 19 mai 2011 à 02:11, João Eiras a écrit :
> >
> >> getData and setData must work outside clipboard events, like when
> clicking paste/copy/cut buttons on a toolbar. The clipboardData object needs
> to be exposed on the window, like in IE.
> >
> > I fully disagree here.
> > This is exactly what has made the CnP API of MSIE a plague with a very
> bad press coverage.
> >
> > getData and setData can only be used within the event processing which
> must be triggered by the user-agent at a user-recognizable invocation of the
> copy/cut or paste command.
> >
> > That some browsers allow differently for "trusted sites" is ok to me but
> should not be an essential focus of this spec I find.
>
> There are too many web apps with a "Copy this to clipboard" button,
> like dropbox. If a proxy clipboard is implemented, as I explained,
> then the privacy concerns are mostly handled.
>
>
To me, this sounds like an implementation detail. There are reasons why a UA
wouldn't want to pull the contents of the system clipboard into the proxy
clipboard.

Daniel
Received on Thursday, 19 May 2011 16:13:48 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT