Re: Safe copy and paste with scripts from Paul Libbrecht on 2006-02-25 (public-webapi@w3.org from February 2006)

From: Paul Libbrecht <paul@activemath.org>
Date: Sat, 25 Feb 2006 17:11:50 -0500
To: Maciej Stachowiak <mjs@apple.com>
Cc: public-webapi@w3.org
Message-ID: <4400D626.2010305@activemath.org>

Maciej Stachowiak wrote:
> I would like copy/paste integration to be on the agenda. I believe 
> these operations can be offered securely (and implemented in various 
> nonstandard ways by IE, Firefox and in some cases Safari):
>
> 1) copy
> 2) cut (in an editable context)
> 3) event on copy that lets you prevent the default action and 
> substitute other content
> 4) event on paste that lets you prevent the default action and 
> substitite other content
>
> I think the difficulties with 3) and 4) are defining identifiers for 
> and contents of clipboard data formats in a cross-platform way. 
How does the way Java does it sound ?
(e.g. java.awt.datatransfer.DataFlavour ? or javax.swing.TransferHandler ?)

In our prototype in ActiveMath, I've been converting copy-and-paste into 
drag-and-drop which triggers an http get request: this inverses the 
mime-type negotiation (the client sends first), makes only one 
translation needed, and brings the user-agent.
> The following operations cannot be securely offered to web applications:
> - Programmatically trigger paste
> - Examine current contents of clipboard
> I hope the WG tackles clipboard integration at some point, once we get 
> past some of the more basic specs on our current agenda.
>> Is this unsecure ?
> I think a secure version could be designed.
I am more than happy to hear this!
>> Are we lacking, maybe, requirements about selection display ?
> Not sure what you mean by this. CSS lets you control how the selection 
> is decorated via the :selection pseudo-element. I think extending that 
> would be out of scope for the Web API WG.
But be careful... in a scripted environment, selection is going to mean 
selection of conceptual objects on the back of a representation.
In order for such a selection to be made complete, one would need to 
change it. Currently, this is, also, missing from JavaScript/DOM.

Where I fear is that some security freaks might believe, that offering 
such API access may allow the script to fake selection and obtain a 
wrong copy or obtain a clipboard access while a paste in, say, a 
textarea is expected.
Presumably, there's no way to fully avoid that, the same as there's no 
way thus far on a Mac to make that the keychain password request is not 
made by an application.

paul

Received on Saturday, 25 February 2006 22:12:02 UTC