Re: [w3c/clipboard-apis] Remove clipboard-write permission (PR #164) from CSS Meeting Bot on 2022-02-10 (public-webapps-github@w3.org from February 2022)

From: CSS Meeting Bot <notifications@github.com>
Date: Thu, 10 Feb 2022 08:30:55 -0800
To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/clipboard-apis/pull/164/c1035130436@github.com>

The Web Editing Working Group just discussed `Checking on the blocked clipboard-write permission?`.

<details><summary>The full IRC log of that discussion</summary>
&lt;Travis> Topic: Checking on the blocked clipboard-write permission?<br>
&lt;Travis> github: https://github.com/w3c/clipboard-apis/pull/164<br>
&lt;Travis> BoCupp: I think the interested party is not here though...<br>
&lt;Travis> .. should probabaly ping Mozilla.<br>
&lt;Travis> .. Problem: we use clipboard read/write permission so that they can be granted to iframes.<br>
&lt;Travis> .. iframe's can't even do it without delegated authority.<br>
&lt;Travis> .. Office programs are hosted in different hosts and run in iframes. So we wanted to remove this.<br>
&lt;Travis> .. the objection was that firefox/safari were aligned on not wanting that.<br>
&lt;Travis> .. Seems like Apple has a trusted UI context menu. A second click is needed.<br>
&lt;Travis> .. Firefox has not shipped the API yet... I was wondering what Firefox' model is/will be. How would they solve the delegated authority issue?<br>
&lt;Travis> .. Will the adopt the Apple approach? Will the not have a permission? Have they even faced the issue yet?<br>
&lt;Travis> .. want to leave the issue as-is in hope of getting alignment on the current behavior? That's why we've left it blocked.<br>
&lt;Travis> johanneswilm: Remind us why you need an iframe?<br>
&lt;Travis> BoCupp: Yes, Microsoft Sharepoint is a shell that allows browsing of documents... when a doc is opened, Sharepoint loads a cross-origin iframe with the "word" logic to display it.<br>
&lt;Travis> .. Office app architecture is designed to be hosted in cross-origin iframes.<br>
&lt;Travis> .. Also, navigator.clipboard.read does not need to happen in context of a paste event. It may require a user gesture.<br>
&lt;Travis> .. We don't want the user to get prompted from some random iframe unless that authority has been delegated.<br>
&lt;Travis> Travis: user only sees the address bar url.. iframe prompt would look like it came from that url. Confusing to the user.<br>
&lt;Travis> BoCupp: I don't think there's an action to take today other than a followup later.<br>
</details>


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/pull/164#issuecomment-1035130436
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/clipboard-apis/pull/164/c1035130436@github.com>

Received on Thursday, 10 February 2022 16:31:09 UTC