- From: snianu <notifications@github.com>
- Date: Tue, 12 Sep 2023 17:53:16 -0700
- To: w3c/editing <editing@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/editing/issues/439/1716777019@github.com>
We suggest the following solution to address this problem:
The UA will add a new clipboard format that contains the source url of the app that wrote the formats to the clipboard. This format is separate from the web custom formats produced by the app. The target app will use this source url info to verify if the formats on the clipboard come from an app that is trustworthy. The destination app can choose to read the formats from the clipboard if the source url is in the list of trustworthy apps. This way, the target app can ensure that the custom format being read from the clipboard is produced by an app that it knows and trusts.
Note that the source url info is already exposed to the clipboard by the `text/html` format, so this is not a new information that is being added to the clipboard.
e.g.
In Native apps
```
if (IsFormatAvailable("source-url format") {
url-data = GetClipboardData("source-url format");
// Check if the url-data is in the list of trustable apps.
if (url-data is trustable) {
// Read the web custom formats
} else {
// Read the standard formats.
}
}
```
In the browser, the source url format will be present in the ClipboardItem object which can then be used by the web app to verify if it can trust the source of the web custom formats.
```
if (ClipboardItem.hasFormat("source-url") {
url-data = ClipboardItem.getType("source-url");
if (url-data is in trustable app list) {
// Read the web custom format
}
else {
// Read the standard formats.
}
}
```
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/editing/issues/439#issuecomment-1716777019
You are receiving this because you are subscribed to this thread.
Message ID: <w3c/editing/issues/439/1716777019@github.com>
Received on Wednesday, 13 September 2023 00:53:22 UTC