Re: [w3ctag/design-reviews] Request review of (text only) Async Clipboard API (#222)

Attempt to consolidate TAG feedback on privacy concerns:

We are generally very concerned about the potential for passive monitoring of the clipboard contents, which could easily capture passwords. We would like to encourage implementations to be as conservative as possible in their attempts to prevent this, and wonder if mechanisms such as these have been considered:

* time limited grants for user consents
* requirement for document focus to allow access to APIs methods
* requirement for user interaction for paste API
* expiration of permission on some event, eg defocus of window, navigation away from page


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/222#issuecomment-379436560

Received on Saturday, 7 April 2018 06:36:41 UTC