- From: Frederik Braun <notifications@github.com>
- Date: Thu, 16 Dec 2021 04:19:41 -0800
- To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 16 December 2021 12:19:54 UTC
I have a few clarifying questions. If this is solely about providing this `sensitive` flag to the underlying operating system, so that other applications (e.g., cloud sync) can choose not to store them, then I think it's not a bad idea. Firefox is already setting this `sensitive` flag on certain platforms when copying passwords from the built-in password manager. Do I also correctly understand that the browser wouldn't behave differently when *reading* a sensitive ClipboardItems, i.e., web sites would be able to have the same discretion for sensitive items? It seems this whole issue is orthogonal to a different problem that's worth solving, which I want to explain for a second: An evil web page that is trying to paste indefinitely in the hope of scraping some passwords from the clipboard. It would be nice if we could agree that browser shouldn't web expose sensitive items through the read API without additional user interaction.. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/clipboard-apis/issues/154#issuecomment-995764325
Received on Thursday, 16 December 2021 12:19:54 UTC