[w3c/clipboard-apis] Option to specify ClipboardItem is sensitive in .write() and .writeText() (#154)

### Feature Request / Proposal

To add a boolean property `sensitive` to a `ClipboardItem`:

```js
const passwordBlob = new Blob(["secret"], { type: "text/plain" });

await navigator.clipboard.write([
  new ClipboardItem({
    [passwordBlob.type]: passwordBlob,
    sensitive: true // proposed property, not part of the current Clipboard API
  })
]);

// ...and maybe an options param to `.writeText()` as well?
await navigator.clipboard.writeText('secret', { sensitive: true });
```

### Why

Operating systems with built-in clipboard managers or browsers with clipboard managers (and maybe userland extensions?) could choose to not add such items to their history.

A real-world scenario that I've faced is while using 1Password on Windows 11, with Clipboard History enabled (<kbd>Win + V</kbd>). Using the native 1Password Windows app to copy a password/OTP doesn't persist it to Clipboard History. Not sure how they accomplish this.

But the same thing, when done via the 1Password extension, comes up in the Clipboard History. I'm not sure if the 1Password extension uses a different API that's available to extensions or utilizes the Clipboard API for this. Either way, with the ability to label items like this, and if browsers handle this case appropriately, clipboard managers (and similar applications) can operate safely and not be prone to leaking sensitive info.

### Concerns

- Such items would be easy targets for existing malicious code
- Some users might prefer to _still_ keep these items in their history. But that's up to the browsers to decide if they'll provide such an option.

https://github.com/w3c/clipboard-apis/issues/154

Received on Thursday, 19 August 2021 23:02:00 UTC