Re: [w3c/clipboard-apis] Add `unsanitized` option to async clipboard API. (PR #197)

@sanketj requested changes on this pull request.



> @@ -542,6 +542,15 @@ url: https://w3c.github.io/permissions/#permissions-task-source; type: dfn;
    * Custom format [=string/starts with=] `"web "`("web" followed by U+0020 SPACE) prefix
     and suffix (after stripping out `"web "`) passes the [=parsing a MIME type=] check.
 
+ <h3 id="unsanitized-data-types-x"><dfn>Unsanitized data types</dfn></h3>
+
+   These data types MUST NOT be sanitized by UAs:
+
+   * image/png
+
+   <p class=note>
+    The image/png MIME type is not sanitized to preserve meta data.
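Review bot: the rationale "to preserve meta data" in the note does not say which metadata sanitization would strip or why a user agent should accept that trade-off, so a reader cannot tell what behaviour the MUST NOT is protecting; the note should state concretely what sanitizing an image/png representation would remove and what the UA is still expected to validate when it hands the bytes through unsanitized. Two smaller points in the same hunk: the heading id `unsanitized-data-types-x` carries a `-x` suffix that reads like a leftover placeholder, and the `<p class=note>` opened on the last line has no closing `</p>` in the added lines.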

This comment still doesn't really make it clear to me why we don't sanitize images. The statement "preserve meta data" is far too high level. Can we add more details here, or even better, an example?

> @@ -798,17 +812,28 @@ url: https://w3c.github.io/permissions/#permissions-task-source; type: dfn;
   {{Clipboard/read()}} returns a {{Promise}} to [=clipboard items=] object that represents contents of [=system clipboard data=].
   </p>
 
+  {{ClipboardUnsanitizedFormats/unsanitized}} is a [=sequence=] of {{DOMString}}s corresponding to the [=representation/mime type=] that are [=optional unsanitized data types=].
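Review bot: the added sentence mixes number ("a sequence of DOMStrings corresponding to the mime type that are"); use "mime types" so the subject agrees with "DOMStrings" and "are", and say that these are the formats the author is asking to receive unsanitized rather than stating that they simply "are" optional unsanitized data types, since the dictionary member is author input that the algorithm later validates.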

```suggestion
  {{ClipboardUnsanitizedFormats/unsanitized}} is a [=sequence=] of {{DOMString}}s corresponding to the [=representation/mime type=] that the author wants to be treated as [=optional unsanitized data types=].
```

>        1. Set |representation|'s [=representation/data=] to |systemClipboardRepresentation|'s [=system clipboard representation/data=].
 
        Issue: It should be possible to read the data asynchronously from the system clipboard after the author calls getType, however, this set of steps implies that data will be provided at the time of read.
       
-      1. The user agent, MAY sanitize |representation|'s [=representation/data=], unless |representation|'s [=representation/MIME type=]'s essence is "image/png", which should remain unsanitized to preserve meta data.
+      1. The user agent, MUST NOT sanitize |representation|'s [=representation/data=], if it satisfies the below conditions:
+      
+       1. |representation|'s [=representation/MIME type=] is in [=unsanitized data types=] list.
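Review bot: the rewritten step drops the default behaviour. The removed line said the user agent MAY sanitize the data unless the type is image/png; the new step only says when the UA MUST NOT sanitize, so for every other representation the text no longer says whether sanitization is permitted, expected, or required. Add the complementary step ("Otherwise, the user agent MAY sanitize |representation|'s data") so the fall-through is explicit. Also, "if it satisfies the below conditions" introduces a nested list with a single condition; either inline it ("if |representation|'s MIME type is in the unsanitized data types list") or list all intended conditions, and drop the stray comma in "The user agent, MUST NOT".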

Don't we also need to include "optional unsanitized data types" here? The UA must not sanitize those either.

> @@ -542,6 +542,15 @@ url: https://w3c.github.io/permissions/#permissions-task-source; type: dfn;
    * Custom format [=string/starts with=] `"web "`("web" followed by U+0020 SPACE) prefix
     and suffix (after stripping out `"web "`) passes the [=parsing a MIME type=] check.
 
+ <h3 id="unsanitized-data-types-x"><dfn>Unsanitized data types</dfn></h3>
+
+   These data types MUST NOT be sanitized by UAs:
+
+   * image/png
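Review bot: the section uses "sanitized" as a normative term without defining it anywhere in the added lines; since the read algorithm later turns on whether a representation is or is not sanitized, the definition should say what sanitizing a representation means for a user agent (what may be stripped or rewritten) so that MUST NOT has a testable meaning, and the list of types should be introduced as the complete enumeration rather than a single bullet that could be read as an example.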

I wonder if we should include "optional unsanitized data types" in the set of data types in "unsanitized data types"? To my comment in the algorithm, this would make it clearer that UAs must treat optional and non-optional unsanitized data types the same after the optional unsanitized data types have been validated.

> @@ -816,7 +808,11 @@ url: https://w3c.github.io/permissions/#permissions-task-source; type: dfn;
   {{Clipboard/read()}} returns a {{Promise}} to [=clipboard items=] object that represents contents of [=system clipboard data=].
   </p>
 
-  {{ClipboardUnsanitizedFormats/unsanitized}} is a [=sequence=] of {{DOMString}}s corresponding to the [=representation/mime type=] that are in the [=unsanitized data types=].
+  <dfn>Optional unsanitized data types</dfn> are [=representation/mime type=]s that MUST not be sanitized by the user agent. The valid [=optional unsanitized data types=] are listed below:
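Review bot: this hunk removes the prose that described the {{ClipboardUnsanitizedFormats/unsanitized}} member and replaces it with the definition of "optional unsanitized data types", so the dictionary member itself is left without a description at this point in the spec; keep a sentence describing the member here and put the definition where the other data-type definitions live. Also, "MUST not" should be written "MUST NOT" to match the RFC 2119 capitalization used in the other added lines.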

Don't think this is actually done. My ask was actually to move the definition of "optional unsanitized data types" right next to the definition of "unsanitized data types" (above or below is fine). That way, both definitions are in the same place and easier to process for the reader. Sound reasonable?

> @@ -833,7 +829,7 @@ url: https://w3c.github.io/permissions/#permissions-task-source; type: dfn;
 
     1. For each |format| in |formats|["{{ClipboardUnsanitizedFormats/unsanitized}}"]:
 
-     1. If |format| is not in [=unsanitized data types=], then [=reject=] |p| with |format| {{"NotAllowedError"}} {{DOMException}} in |realm|.
+     1. If |format| is not in [=optional unsanitized data types=], then [=reject=] |p| with |format| {{"NotAllowedError"}} {{DOMException}} in |realm|.
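Review bot: in "[=reject=] |p| with |format| {{"NotAllowedError"}} {{DOMException}}", the `|format|` token sits between "with" and the exception name and reads as a leftover; the step should reject with a {{"NotAllowedError"}} {{DOMException}} and, if the offending format is meant to be reported, say so explicitly in the exception's message. The ordering is right as far as the visible lines go: an unknown format fails the call before any system clipboard data is read, which is the fail-closed behaviour you want for a request to bypass sanitization.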

Ok, this sounds fine. It looks like we can bypass things like checking for permissions.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/pull/197#pullrequestreview-1735849564

Message ID: <w3c/clipboard-apis/pull/197/review/1735849564@github.com>

Received on Friday, 17 November 2023 01:45:38 UTC