- From: Hallvord Steen <hsteen@mozilla.com>
- Date: Wed, 24 Jul 2013 15:34:02 -0700 (PDT)
- To: Paul Libbrecht <paul@hoplahup.net>
- Cc: James Greene <james.m.greene@gmail.com>, public-webapps@w3.org, rohan@github.com
[Replying to Paul's mail but it's really a response to James - sorry, Paul..]
On 12 juil. 2013, at 21:57, James Greene wrote:
> It appears that the only way to trigger a `copy` event programmatically is to use `document.execCommand('copy')`, which most browsers prevent:
> http://www.w3.org/TR/clipboard-apis/#integration-with-other-scripts-and-events
Correct.
> What about enabling so enabling semi-restricted programmatic clipboard injection on a page
> if the user grants their express permission via a once-per-domain security prompt (similar
> to the Geolocation API)?
Well, with my spec editor's hat on: Nothing really prevents UAs from implementing this already. They could hook up document.execCommand('Copy') to whatever that UA's convention for a security permission prompt is. I'd like to see this, actually.
That said, this functionality doesn't really have privacy implications (as long as it is about programmatically *writing to*, not *reading from* the clipboard) so it's mostly just about preventing nuisance, plus some slightly far-fetched security threats (which aren't all that credible if they are not already exploited with Flash's clipboard implementation). Our intentions as implementors has sort of moved towards enabling all the cool stuff apps and sites might do, and away from trying to control nuisance. It's quite possible to argue that writing to the clipboard should be enabled by default.
-Hallvord
Received on Sunday, 28 July 2013 20:06:56 UTC