Re: Clipboard API: Enable `copy` event simulation with user's express permission (domain-wide)? from Paul Libbrecht on 2013-07-24 (public-webapps@w3.org from July to September 2013)

From: Paul Libbrecht <paul@hoplahup.net>
Date: Wed, 24 Jul 2013 22:22:33 +0200
To: James Greene <james.m.greene@gmail.com>
Cc: public-webapps@w3.org, rohan@github.com
Message-Id: <45DD4C2B-CC58-4CDE-869B-9471555D235F@hoplahup.net>

James,

I personally think it would be a really good idea. But I am not a browser implementor.

Overall, I agree with you that writing to the clipboard, only within a click or key event processing maybe?, is likely to be a non-concern on privacy. I would love to hear others' feedback.

Is maybe a first step something such as a browser-extension?
Did you hear brags about users of websites that allowing copy was not a good idea?

(I heard a brag close to it by TimBL and J Gruber about the usage of "clipboard injection": http://lists.w3.org/Archives/Public/www-tag/2010Jun/0007.html are we close to that? I think not but maybe can such a feature get close to it?)

Paul

On 12 juil. 2013, at 21:57, James Greene wrote:

> It appears that the only way to trigger a `copy` event programmatically is to use `document.execCommand('copy')`, which most browsers prevent:
>     http://www.w3.org/TR/clipboard-apis/#integration-with-other-scripts-and-events
> 
> What about enabling so enabling semi-restricted programmatic clipboard injection on a page if the user grants their express permission via a once-per-domain security prompt (similar to the Geolocation API)?  IOW, given a user's express permission to the origin and following a user's pointer event or keyboard interaction, I would like to be able to simulate the `copy` event (and the `beforecopy` event, if practical).
> 
> I'm not quite sure how far this will go as "clipboard poisoning" is always a real concern.  In fact, I understand that better than most, since my desire to get such an adaptation to the Clipboard API spec is the direct result of my work as the co-maintainer of the popular ZeroClipboard library (used by GitHub, bit.ly, and many other sites).  Jon and I would like nothing better than to eliminate ZeroClipboard's dependency on Flash but that is unattainable given the current restrictions of this spec.
> 
> If Flash doesn't live on for anything else, it may well live on longer than it should for its unmatched ability to do programmatic clipboard injection after a user's click or keypress.  :(
> 
> Thoughts?
> 
> 
> Sincerely,
>     James Greene
>     http://jamesgreene.net/

Received on Wednesday, 24 July 2013 20:23:03 UTC