Re: [w3c/clipboard-apis] Make async clipboard APIs (read/write) to sanitize interoperably with setData/getData for text/html (#150)

> My proposal doesn't attempt to resolve this one way or another. It merely adds support for a parallel set of formats that are never sanitized.

I think it does affect the well-known formats at least on Safari. Consider the below case:
When `text/html` is copied from website X and pasted within the same origin that X belongs to, then Safari returns the content from the pickled HTML format (no sanitization involved). With your proposal, Safari will now return a sanitized fragment when the author queries `text/html` from X, as the pickled HTML format lives in `"web text/html"`. Basically, your proposal doesn't work on Safari, which I'm not sure is an issue because Apple doesn't want to support custom formats in cross-origin anyway, so they can always return the pickled format from the `"web "` bucket if queried from the same origin for `text/html`.

Now, on Chrome and Firefox, regardless of what origin the author queries `text/html` from, DataTransfer APIs always return the unsanitized HTML format, but this is different from the pickled format as the standard HTML format contains platform-specific headers as described [here](https://github.com/w3c/clipboard-apis/issues/150#issuecomment-915692288). These headers are stripped out, but the HTML markup is a full HTML document, not a sanitized fragment. With your proposal, we have to return an unsanitized HTML document with platform-specific headers stripped out when authors query the `text/html` format. Is that correct?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/150#issuecomment-1032005517
Message ID: <w3c/clipboard-apis/issues/150/1032005517@github.com>

Received on Monday, 7 February 2022 22:36:34 UTC