[w3c/clipboard-apis] ClipboardChange even spec: Callout details for cross-origin iframes and fencedframes (Issue #226) from Rakesh Goulikar on 2024-09-20 (public-webapps-github@w3.org from September 2024)

From: Rakesh Goulikar <notifications@github.com>
Date: Fri, 20 Sep 2024 06:55:47 -0700
To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/clipboard-apis/issues/226@github.com>

Proposing to call out the following:

For iframes: Current permissions policy that makes use of 'allow' attribute should be followed for clipboardchange event.
Listening to "clipboardchange" event within a cross-origin iframe can be enabled with [Permissions Policy](https://www.w3.org/TR/permissions-policy) which allows for selectively enabling and disabling specific browser features and APIs. Specifically, "clipboard-read" permission needs to be passed to the "allow" attribute of the iframe, similar to how this is required for accessing async clipboard read APIs within a cross-origin iframe.

For fencedframes: 
Given that the `fencedframe` element is a type of `iframe` with more native privacy features built in and only limited permission are considered for `fencedframe` via allow attribute ([more information](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/fencedframe#permissions_policies_available_to_fenced_frames)) proposing to not fire clipboardchange event in a fencedframe.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/226
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/clipboard-apis/issues/226@github.com>

Received on Friday, 20 September 2024 13:55:51 UTC