Re: [clipboard] Semi-Trusted Events Alternative from James M. Greene on 2014-09-15 (public-webapps@w3.org from July to September 2014)

From: James M. Greene <james.m.greene@gmail.com>
Date: Mon, 15 Sep 2014 11:24:35 -0500
To: Jonas Sicking <jonas@sicking.cc>
Cc: "Hallvord R. M. Steen" <hsteen@mozilla.com>, Ben Peters <Ben.Peters@microsoft.com>, Perry Smith <pedzsan@gmail.com>, Webapps WG <public-webapps@w3.org>
Message-ID: <CALrbKZhSCG2ginxGYVjRN7Oidm+z+5w6V=DTo_N=7iYdZD4yFg@mail.gmail.com>

> I think we should also allow reading data that was copied from the
> same origin. That way a website can build an editor which has full
> copy/paste capabilities as long as you are only editing within that
> website.


I would agree that this seems desirable as long as the origin of clipboard
data can't be forged somehow.

Sincerely,
    James Greene


On Sun, Sep 14, 2014 at 1:57 AM, Jonas Sicking <jonas@sicking.cc> wrote:

> On Sat, Sep 13, 2014 at 1:58 PM, Hallvord R. M. Steen
> <hsteen@mozilla.com> wrote:
> > * paste: we allow reading clipboard contents if the paste event is not
> synthetic and not triggered from a document.execCommand('paste') call.
> There's also an exception that will allow scripts to read the clipboard
> data in contexts where the UA is configured to allow this (could be for
> example white-listed, trusted sites or apps).
>
> I think we should also allow reading data that was copied from the
> same origin. That way a website can build an editor which has full
> copy/paste capabilities as long as you are only editing within that
> website.
>
> / Jonas
>

Received on Monday, 15 September 2014 16:25:24 UTC