Re: [w3c/editing] [Delayed Clipboard Rendering] Privacy issue while reading data for web custom types (Issue #439)

To mitigate this privacy concern and at the same time allow UAs to support delay rendering of web custom formats, we propose the following:
1. UAs can decide to trigger all web custom format callbacks after an arbitrary timeout and not in response to a paste event. That way the callback trigger wouldn't be tied to the paste event and the source site wouldn't be able to determine where the user has pasted the data into. The disadvantage with this approach is that it makes the API less useful but provides a reasonable compromise for UAs that want to support a special privacy mode in their browsers.
2. UAs can support a small number of web custom formats so the malicious authors can't cast a wide net to determine all the apps that support pasting of web custom formats. Unless we see an increase in the number of web custom formats for sophisticated sites, the proposal is to support just one web custom format for now.

The spec will be written in a way that supports all behaviors, so UAs that do not support delay rendering of web custom formats are still compliant with the spec.

Adding @benjamind to also chime in on this issue, as this API would help Adobe web properties to be in parity with the native app.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/editing/issues/439#issuecomment-1896263840

Message ID: <w3c/editing/issues/439/1896263840@github.com>

Received on Wednesday, 17 January 2024 17:23:49 UTC
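
The two mitigations proposed in the comment above, modelled as an added example (not code from the issue, the spec or any browser): it compares what the source page can observe when callbacks run on paste versus after a fixed timeout, and enforces a cap of one web custom format. `ModelClipboard`, the policy names, the 5000 ms timeout and the format string are hypothetical.

```javascript
// Toy model of a user agent's delayed-rendering policy (added example).
// ModelClipboard, the policy names and the format string are hypothetical.
class ModelClipboard {
  constructor(policy, maxCustomFormats = 1, timeoutMs = 5000) {
    Object.assign(this, { policy, maxCustomFormats, timeoutMs, now: 0 });
    this.pending = new Map();             // format -> callback not yet run
    this.rendered = new Map();            // format -> produced data
    this.sourceLog = [];                  // callback times the source page sees
  }
  write(callbacks) {
    const custom = Object.keys(callbacks).filter((f) => f.startsWith('web '));
    if (custom.length > this.maxCustomFormats) {
      throw new RangeError(`only ${this.maxCustomFormats} delayed web custom format(s) allowed`);
    }
    this.pending = new Map(Object.entries(callbacks));
    this.writtenAt = this.now;
  }
  render(format, at) {
    const cb = this.pending.get(format);
    if (!cb) return;
    this.pending.delete(format);
    this.sourceLog.push(at);              // the callback runs in the source page
    this.rendered.set(format, cb());
  }
  advance(ms) {
    this.now += ms;                       // virtual clock in ms
    const due = this.writtenAt + this.timeoutMs;
    if (this.policy === 'on-timeout' && this.now >= due) {
      for (const f of [...this.pending.keys()]) this.render(f, due);
    }
  }
  paste(format) {
    if (this.policy === 'on-paste') this.render(format, this.now);
    return this.rendered.get(format);     // undefined: not rendered yet
  }
}

// Callback times visible to the source for a paste at pasteAtMs (null = none).
function sourceView(policy, pasteAtMs) {
  const cb = new ModelClipboard(policy);
  cb.write({ 'web application/x-example': () => 'payload' });
  let pasted;
  if (pasteAtMs !== null) {
    cb.advance(pasteAtMs);
    pasted = cb.paste('web application/x-example');
  }
  cb.advance(10000 - cb.now);
  return { callbackTimes: cb.sourceLog, pasted };
}
```

Under `on-paste` the callback time tracks the paste, while under `on-timeout` it is identical whether or not a paste happened; a paste that arrives before the timeout gets no data, which is the usability cost the comment mentions.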