Re: [w3c/clipboard-apis] What happens if promises to Blobs are not resolved within a reasonable amount of time? (Issue #161) from snianu on 2021-11-01 (public-webapps-github@w3.org from November 2021)

From: snianu <notifications@github.com>
Date: Mon, 01 Nov 2021 09:16:54 -0700
To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/clipboard-apis/issues/161/956374457@github.com>

@mbrodesser
> The spec only mentions that the duration should be "at most a few seconds", but even if it were more precise, it wouldn't answer the questions raised in #161 (comment).

I agree with this. User activation is probably orthogonal to this discussion, but since this was also brought in an Intent-to-Ship thread, I'd like to share some thoughts:

Currently there is **no** user activation requirements in async clipboard read/write in Chromium browsers. e.g. https://clumsy-garnet-meeting.glitch.me/. Just load this page and refresh it without clicking anywhere on the page, you will see the content will get written to the clipboard without any gesture.
Safari, due to security concerns, implemented a gesture requirement to access clipboard via async clipboard APIs. The read()/write() method can only be called inside a trusted user gesture event handler, but the promises to Blobs can be resolved later which gives the web authors the flexibility to not block the UI thread to populate the payload.

There is also a proposal to add [Pickling API](https://github.com/w3c/editing/blob/gh-pages/docs/clipboard-pickling/explainer.md) to the async clipboard API that enables web authors to read/write unsanitized content. Initially we added a transient user activation requirement because the API lets web authors read/write unsanitized content using a custom clipboard format. Both Chrome security team(see "User Gesture Requirement" section in https://github.com/w3c/editing/issues/315) and [TAG](https://github.com/w3ctag/design-reviews/issues/636#issuecomment-857829725) raised the concern that transient user activation is NOT sufficient to give clipboard access to web authors.

The promises to Blobs in the `ClipboardItem` is required to not only support the Pickling API's user gesture event handling requirements, but also improve the security by adding an even stronger signal of the user intent to copy. We also talked about this in the Editing WG call with Apple and they are opposed to transient user activation and I believe Firefox raised concerns as well(https://github.com/w3c/clipboard-apis/issues/52#issuecomment-599443986).

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/161#issuecomment-956374457

Received on Monday, 1 November 2021 16:17:07 UTC