- From: snianu <notifications@github.com>
- Date: Tue, 31 Oct 2023 14:47:46 -0700
- To: w3c/editing <editing@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/editing/pull/456/review/1707287332@github.com>
@snianu commented on this pull request.
> +<body>
+<!--StartFragment--><head><script>alert('hello');</script><style> p {font-color: red; background-color: blue;}</style></head> <body><p>html text</p></body><!--EndFragment-->
+</body>
+</html>
+
+```
+After `read()` was called with the default sanitizer, the HTML markup returned was:
+
+```js
+<p style="background-color: blue; color: rgb(0, 0, 0); font-size: medium; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">html text</p>
+
+```
+
+In the above example, `script`, `style` tags were removed and style associated with `<p>` element was inlined.
+
+These problems mean that web developers may not get the same HTML paste quality and performance with the async clipboard `read` API as they do with the DataTransfer object's `getData` method. This proposal aims to solve these problems so that the `read` can work just as well as `getData` when pasting HTML content.
Done.
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/editing/pull/456#discussion_r1378195947
You are receiving this because you are subscribed to this thread.
Message ID: <w3c/editing/pull/456/review/1707287332@github.com>
Received on Tuesday, 31 October 2023 21:47:51 UTC