Re: Clipboard API: Enable `copy` event simulation with user's express permission (domain-wide)? from Anne van Kesteren on 2014-03-17 (public-webapps@w3.org from January to March 2014)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 17 Mar 2014 12:15:01 +0000
To: "Hallvord R. M. Steen" <hsteen@mozilla.com>
Cc: James Greene <james.m.greene@gmail.com>, Ryosuke Niwa <rniwa@apple.com>, WebApps WG <public-webapps@w3.org>, Jon Rohan <rohan@github.com>
Message-ID: <CADnb78hhGM2xPq=cKj5pjzhCDiJLAX46xWTrjQo7jTCotGtdKg@mail.gmail.com>

On Tue, Feb 18, 2014 at 1:12 PM, Hallvord R. M. Steen
<hsteen@mozilla.com> wrote:
> So, the story so far is that the spec has added something it labels "semi-trusted events" - that is an event triggered from a trusted event of a whitelisted type. The precedence here is popup blocking - browsers already have rules for which events are "more trusted than others" in terms of likely expressing user intent. (An example makes this clearer: scripts are typically allowed to call window.open() from a click event listener, but are typically not allowed to call window.open() from an load or mouseover listener.)

Those rules are part of a standard these days:
http://www.whatwg.org/specs/web-apps/current-work/#allowed-to-show-a-popup

You might want to file a bug to extend the list of trusted event types there.


-- 
http://annevankesteren.nl/

Received on Monday, 17 March 2014 12:15:28 UTC