- From: snianu <notifications@github.com>
- Date: Mon, 28 Jun 2021 08:41:18 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 28 June 2021 15:41:30 UTC
Just a small update. We addressed a few security concerns raised by internal security reviews as described below:

1. Changed `direct` keyword to `unsanitized` to be more explicit about the content being read/written.
2. Added [transient](https://html.spec.whatwg.org/multipage/interaction.html#transient-activation) user activation for reading and writing into the clipboard.
3. Format names are also [mangled](https://github.com/w3c/editing/blob/gh-pages/docs/clipboard-pickling/explainer.md#os-interaction-format-naming) while writing into the clipboard so it's clear to the consumer of those formats that the content is unsanitized and written from the browser, e.g. format names are prefixed with "Web" on Windows.

The explainer has been updated and moved to the editing working group repo: https://github.com/w3c/editing/blob/gh-pages/docs/clipboard-pickling/explainer.md#pickling-for-async-clipboard-api

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/636#issuecomment-869792053