Re: [w3c/clipboard-apis] Add `unsanitized` option to async clipboard API. (PR #197)

@evanstade commented on this pull request.



> @@ -782,11 +782,15 @@ url: https://w3c.github.io/permissions/#permissions-task-source; type: dfn;
 
   [SecureContext, Exposed=Window]
   interface Clipboard : EventTarget {
-   Promise<ClipboardItems> read();
+   Promise<ClipboardItems> read(optional ClipboardUnsanitizedFormats formats = {});
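
Review bot: On the new `read(optional ClipboardUnsanitizedFormats formats = {})` signature, the argument name `formats` gives no hint that it concerns unsanitized data, and nothing in this hunk says what the default `{}` means. Suggest stating next to the IDL that omitting the argument, or passing an empty dictionary, keeps the existing read behaviour, so that receiving unsanitized data is always an explicit choice by the caller.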

Why is this a dictionary with a single member which is an array?

If this is a dictionary simply because it makes it easier to extend with more parameters later, then I'd have expected the dictionary to be called `readOptions` or something, with an array called `unsanitizedFormats`.

>  
    1. Let |realm| be [=this=]'s [=relevant realm=].
 
    1. Let |p| be [=a new promise=] in |realm|.
 
+   1. Let |format| be a {{DOMString}}.
+
+   1. If |formats| is not empty, then:
+
+     1. If |formats|'s size is greater than 1, then [=reject=] |p| with {{"NotAllowedError"}} {{DOMException}} in |realm|.
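
Review bot: The nested step `If |formats|'s size is greater than 1, then [=reject=] |p| with ...` rejects |p| but does not say to return it, so as written the algorithm continues into the following steps with an already rejected promise. Suggest ending the step with "and return |p|". It is also worth checking whether "NotAllowedError" is the intended error name here, since the failure is about how many formats were passed.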

Feels odd to me that the IDL is written to support more than one unsanitized format, but the algorithm wording is only structured to support exactly one sanitized format. Why not iterate over the whole list and reject if any of them are not in the allowed-to-be-sanitized list?

Also if more formats were added in the future, the set of permittable formats could vary by browser. How are sites to know which formats they can ask for? Is throwing an error the best way to deal with them asking for the wrong formats to be unsanitized, or should some format values just be ignored? If throwing an error, how does the site figure out which format(s) were in error?

I don't have a ton of experience with spec language/algos. Can you find a spec mentor to help with these questions?

> @@ -841,7 +861,11 @@ url: https://w3c.github.io/permissions/#permissions-task-source; type: dfn;
 
        Issue: It should be possible to read the data asynchronously from the system clipboard after the author calls getType, however, this set of steps implies that data will be provided at the time of read.
       
-      1. The user agent, MAY sanitize |representation|'s [=representation/data=], unless |representation|'s [=representation/MIME type=]'s essence is "image/png", which should remain unsanitized to preserve meta data.
+      1. The user agent, MAY sanitize |representation|'s [=representation/data=], unless it satisfies the below conditions:
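
Review bot: In the added line, `unless it satisfies the below conditions:` has an ambiguous "it" (the user agent or |representation|), does not say whether any or all of the conditions must hold, and no longer names the "image/png" exception that the removed line carried. Suggest wording it as "unless |representation| satisfies any of the following conditions:" (or "all of", whichever is intended) and confirming that the image/png case appears in that list. The stray comma after "The user agent" can be dropped at the same time.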

It seems like "sanitize" should be defined.

>  
    1. Let |realm| be [=this=]'s [=relevant realm=].
 
    1. Let |p| be [=a new promise=] in |realm|.
 
+   1. Let |format| be a {{DOMString}}.
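
Review bot: `Let |format| be a {{DOMString}}.` declares |format| without an initial value, so a later step that reads it before it is assigned has no defined input. Suggest initializing it, for example to the empty string, or introducing |format| at the step that first assigns it.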

But you would be iterating over `formats.unsanitized`, rather than `formats`, no?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/pull/197#pullrequestreview-1713107168

Message ID: <w3c/clipboard-apis/pull/197/review/1713107168@github.com>

Received on Friday, 3 November 2023 16:42:00 UTC