Re: [w3c/clipboard-apis] User gesture requirement for Clipboard API access (#52)

Adding @rniwa

I think we’d support adding a user interaction requirement for clipboard access, for both writing and (especially) reading.

Our current implementation limits clipboard write to user interaction only, and limits clipboard reading to user interaction and, in addition, interaction with trusted native UI for pasting content (i.e. a popup on macOS or callout menu action on iOS).

We did (very briefly) consider not requiring user interaction for clipboard reads when the content was written by a page with the same security origin, but we decided not to because this would still indirectly leak information to the page, since they’d be able to determine exactly when the user has copied content that is cross-origin, or from a different app altogether.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/52#issuecomment-597937676

Received on Wednesday, 11 March 2020 23:57:16 UTC