Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

Le 19 mai 2011 ą 02:11, Joćo Eiras a écrit :

> getData and setData must work outside clipboard events, like when clicking paste/copy/cut buttons on a toolbar. The clipboardData object needs to be exposed on the window, like in IE.

I fully disagree here.
This is exactly what has made the CnP API of MSIE a plague with a very bad press coverage.

getData and setData can only be used within the event processing which must be triggered by the user-agent at a user-recognizable invocation of the copy/cut or paste command.

That some browsers allow differently for "trusted sites" is ok to me but should not be an essential focus of this spec I find.

> To handle the getData case, I've thought of adding a proxy clipboard per browsing context. Read operations read from the proxy clipboard, write operations write to the proxy and system clipboards. User initiated actions like dropping, or pasting would update the proxy clipboard with the system clipboard contents, prior to the event being dispatched on the webpage.

I *think* that is a good strategy.


Received on Thursday, 19 May 2011 06:43:49 UTC