- From: CSS Meeting Bot <notifications@github.com>
- Date: Thu, 08 Feb 2024 10:37:07 -0800
- To: w3c/editing <editing@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/editing/issues/439/1934719705@github.com>
The Web Editing Working Group just discussed `[Delayed Clipboard Rendering] Privacy issue while reading data for web custom types`, and agreed to the following: * `RESOLVED: Privacy concern doesn't exist if we only support built-in formats. We'll do builtins first and then custom formats in the future.` <details><summary>The full IRC log of that discussion</summary> <dandclark> topic: [Delayed Clipboard Rendering] Privacy issue while reading data for web custom types<br> <dandclark> github: https://github.com/w3c/editing/issues/439<br> <dandclark> snianu: TAG had feedback on this, had same privacy concern. Proposed mitigations that don't work. I responded in thread.<br> <dandclark> ...: At this point, issue has been dragging for too long. Privacy issue is from web custom format. Can we do this just for builtin formats?<br> <dandclark> ...: Can standardize all the infrastructure for this separately without web custom formats, privacy issue doesn't have to block that.<br> <dandclark> ...: Can we separate the two things? Make web custom formats as separate proposal, move forward with that separately if we find some mitigation.<br> <dandclark> ...: But that wouldn't require API changes to async clipboard API.<br> <dandclark> ...: Proposal is standardize for builtin formats. Secondary proposal to restrict custom formats to just 1. But if that's controversial let's resolve to just support builtin formats for delayed clipboard rendering.<br> <dandclark> smaug: Concern is if we do it only for builtins, and then want to do it later for custom formats, what if API shape needs to be different.<br> <dandclark> smaug: Could be confusing.<br> <dandclark> snianu: With the builtin formats, only change is to add callback instead of Blob.<br> <dandclark> ...: If we dont' have calbacks for web custom formats, if we find some other way for devs to do that it would be some other API. To support web custom format we could add overloaded constructor. It's easily extendable. Don't have to change entire API surface.<br> <dandclark> smaug: If there's something that can support both use cases, hopefully we can build something forward-compatible.<br> <dandclark> snianu: Only thing that changes is the callback.<br> <dandclark> snianu: Say we add more security restrictions, that doesn't need a web API change. If you use web custom format you are subject to these restructions, if not it just works.<br> <dandclark> snianu: Builtin formats add real value.<br> <dandclark> ...: And we're adding more.<br> <dandclark> whsieh: Hard to imagine case where having callback wouldn't be backwards-compatible.<br> <dandclark> whsieh: Provides value in short term.<br> <dandclark> smaug: Maybe.<br> <dandclark> whsieh: Even then, callback could return object we add.<br> <dandclark> smaug: Would be nice to see concrete proposal. E.g. I'd like to see using streams to write the data.<br> <dandclark> snianu: Looking into streams doesn't have to block the current API.<br> <dandclark> snianu: Proposal is the same, just don't allow custom formats.<br> <dandclark> smaug: Callbacks were resolved, but what they actually do was not resolved.<br> <dandclark> ...: Producing data as blob requires lots of memory, streams could solve that.<br> <dandclark> snianu: Could extend it to support streams in callback.<br> <dandclark> snianu: Could also talk to partners about this.<br> <dandclark> snianu: Some are interested in that. COuld do it separetely , doesn't have to block this.<br> <dandclark> smaug: That's fine. Let's get issue filed.<br> <dandclark> snianu: I'll file issue and link it.<br> <dandclark> RESOLVED: Privacy concern doesn't exist if we only support built-in formats. We'll do builtins first and then custom formats in the future.<br> <snianu> https://github.com/w3c/clipboard-apis/issues/191<br> <dandclark> s/and then custom formats in the future./and then consider custom formats in the future.<br> </details> -- Reply to this email directly or view it on GitHub: https://github.com/w3c/editing/issues/439#issuecomment-1934719705 You are receiving this because you are subscribed to this thread. Message ID: <w3c/editing/issues/439/1934719705@github.com>
Received on Thursday, 8 February 2024 18:37:14 UTC