Re: [clipboard] Semi-Trusted Events Alternative

Sorry if this is a lame question but I never understood the dangers of Copy and Paste that the web is trying to avoid.  Can someone explain that to me?

I surfed around a bit but did not find any articles except pages talking about users pasting content they got from the web directly into a terminal window.  Is that the concern?

As a side note: I would change "isTrusted" to "fromUserAgent" to make it more honest.  Folks are somewhat foolish to trust their browsers and all the plugins.  e.g. people unwittingly trust flash.  I would remove "trust" from the names of things.

"semi-trusted" seems worse to me.  Reminds me of slightly-pregnant.  Its either one or the other.

It appears to me that isTrusted and semi-trusted are really trying to say "the user has not been fooled".  Which brings me back to my original question.  What, precisely, are we afraid the user has been fooled into doing?

Thank you for your time,
Perry

Received on Saturday, 26 July 2014 13:19:41 UTC