- From: Darwin Huang <huangdarwin@chromium.org>
- Date: Mon, 26 Oct 2020 18:30:52 -0700
- To: public-editing-tf <public-editing-tf@w3.org>
- Message-ID: <CAPV4WLY8S+GV8WXZxMRgu198hMFfYd6q7k5D8iT1zwcfvEP+Eg@mail.gmail.com>
Meeting notes from the TPAC 2020 Breakout <https://www.w3.org/2020/10/TPAC/breakout-schedule.html#pickling> for Pickling for Clipboard API. (slides <https://docs.google.com/presentation/d/1_fAgL54D0whQ497G8iL0K2kKpxiWDr3M7gXXSIS76II/>, explainer <https://github.com/dway123/clipboard-pickling/blob/main/explainer.md>).

#pickling: (no topic set)
[14:58] == dway123 [~dway123@ef89345d.public.cloak] has joined #pickling
[14:59] <dway123> Videochat here: https://meet.google.com/wxt-wktf-khq
[14:59] <dway123> Slides here: https://docs.google.com/presentation/d/1_fAgL54D0whQ497G8iL0K2kKpxiWDr3M7gXXSIS76II/edit#slide=id.ga37d7d51f2_0_239
[15:00] <dway123> Reference explainer here: https://github.com/dway123/clipboard-pickling/blob/main/explainer.md
[15:01] == pwnall [~pwnall@ef89345d.public.cloak] has joined #pickling
[15:02] <pwnall> are we doing the present+ thing? I'm not seeing the bot
[15:02] <smaug> wait, no zoom?
[15:02] <pwnall> I believe that the zoom setup failed for some reason :(
[15:02] * smaug tries to understand how to use meet.g.m :)
[15:03] <pwnall> We're using the backup option of Google Meet -- https://meet.google.com/wxt-wktf-khq
[15:03] <pwnall> Sorry for the really short notice, and thank you for trying to work through this!
[15:04] <pwnall> Slides: https://docs.google.com/presentation/d/1_fAgL54D0whQ497G8iL0K2kKpxiWDr3M7gXXSIS76II/
[15:04] == krosylight [~uid7376@public.cloak] has joined #pickling
[15:06] == jsbell [~uid49876@ef89345d.public.cloak] has joined #pickling
[15:20] <pwnall> Question 1: Have you thought of the Clipboard API vs Drag and Drop? The former has evolved quite a bit.
[15:20] <pwnall> Question 2: Would it be possible to work the word "unsafe" into the mapped type strings?
[15:21] <pwnall> Answer 1: Focused on Clipboard for now. It would be possible to specify this for Drag and Drop. Chrome and Safari already implement a pickling format for both.
[15:23] <pwnall> Will acknowledge Drag and Drop connection in explainer. Want to keep the effort scoped.
[15:23] <pwnall> Answer 2: Will write this ("unsafe" suggestion) down into a GitHub issue. [make sure we keep tracking it]
[15:24] <pwnall> Remark: This seems a lot safer than the Raw Clipboard from last year.
[15:24] <pwnall> Answer: We're grateful for all the feedback we got last year! We hope this new proposal gives developers power while avoiding most of the problems brought up before.
[15:25] <pwnall> Question: What's the meaning of "direct" in the code example?
[15:25] <pwnall> The word we use is open for change.
[15:26] <pwnall> Question: Why does the 2nd argument in the ClipboardItem constructor have a "direct" option, instead of passing this information directly into the first argument?
[15:26] <pwnall> Concerns: less ergonomic. Developers could forget.
[15:27] <pwnall> Answer: We do need this somewhere in ClipboardItem to know we want pickling instead of sanitizing.
[15:30] <pwnall> Can't remember why we chose this path. Will look into it. :)
[15:31] <pwnall> Could consider adding "unsafe" into the type string.
[15:32] <pwnall> Question: If the direct formats are recognized as sanitized formats, are they written as both sanitized and pickled?
[15:32] <pwnall> Answer: Yes.
[15:32] <pwnall> Questions: What UI would we imagine for permissions, assuming permissions were used for this.
[15:33] <pwnall> Answer: We (Chrome) would continue to use the permissions we have today. It's difficult to have permission prompts that would help the user make an informed security decision.
[15:33] <pwnall> Pickling does not (should not?) have different security and privacy concerns compared to today's types.
[15:34] <pwnall> Clarification: The clipboard spec has clipboard-read and clipboard-write permissions. Chrome is using them.
[15:35] <pwnall> Remark: The old synchronous API does not have any permissions. It's possible to copy/paste text without permission in all browsers.
[15:36] <pwnall> The user can also initiate copy/paste via Ctrl+C/Ctrl+V without permission, and the site can modify what gets stored / pasted.
[15:36] <pwnall> Darwin will show a demo of the Clipboard API, to show how permissions would work.
[15:36] <dway123> https://steadfast-far-cold.glitch.me/
[15:37] <pwnall> Chrome currently always grants permission for writes. We show a permission prompt for reads.
[15:38] <pwnall> Last call for more questions :)
[15:41] <dway123> Oops, unsure if attendance tends to work, but copy-pasting irc participants after the meeting...
[15:41] <dway123> @tilgovi dway123 jsbell krosylight Mek pwnall smaug
[15:42] <smaug> dway123: looks like Chrome asks permission to read text and image. At least on linux those are explicitly mentioned in the permission prompt. I wonder what the UI would show with some random type.
[15:43] <dway123> Thanks. I believe Chrome's permission prompt should be updated from the current "see text and images copied to the clipboard", to something more like "see content copied to the clipboard"
[15:44] <pwnall> Notes are here for now: https://drive.google.com/file/d/1XDMETgohvy2CwoPABHfy6oVv_7Cqu-yb/
[15:44] <dway123> (I imagine our permissions team would weigh in more on exact wording, since "content" might be hard to comprehend easily

--
- Darwin Huang
Received on Tuesday, 27 October 2020 01:31:21 UTC