The new async clipboard API suggestion is a very nice step forward. However it still (vaguely) recommends user gestures as a way to prevent abuse. This method makes the clipboard API completely unusable for our use case so I'd like to plead for a recommendation against that in favour of other protection.
The use case here are remote desktop applications. The entire interface is server side so the Javascript is not aware of any of the logic, or even the layout. Hence it cannot connect user gestures with a clipboard update.
The flow would basically be:
1. The user presses Ctrl+C, resulting in a series of `keydown` events.
2. The page forwards these events to the remote system, exiting the event handler
3. The remote application triggers a Copy operation based on these events and sends some clipboard data to the client
4. The page receives the data and tries to update the local clipboard
This method is currently blocked, and would continue to be blocked unless browsers stop requiring a user gesture to access the API.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/75