- From: Xidorn Quan <notifications@github.com>
- Date: Mon, 09 Sep 2019 19:03:21 -0700
- To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 10 September 2019 02:03:55 UTC
Currently reading clipboard requires extra permission check, which in Chrome shows a prompt, and in Firefox, only available to extensions. There is a common case where a web app (any kind of editor) may want to allow user to copy and paste, and it may also want to provide a menu item for "Paste" just like normal apps, which would rely on the ability to read clipboard. And in many of the cases, user would copy and paste within the same web app. It is dangerous to allow arbitrary page to read clipboard, but it is probably not so dangerous if the content was originally copied from the same origin. Web app can already support same origin copy/paste without involving extra permission check via e.g. going through local storage. But this makes it harder to support both native clipboard and such internal clipboard. It would be better to use the native clipboard as the source of truth. Thus I suggest that browser can probably check whether a content was originally from the given origin, and if so, allows it to read without any extra permission requirement. On the implementation side, I think nowadays all systems support storing multiple different data in clipboard, so maybe browser can create an extra slot in the data for the origin information. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/clipboard-apis/issues/98
Received on Tuesday, 10 September 2019 02:03:55 UTC