Re: PSA: publishing new WD of Clipboard API and events on Sept 18 from Daniel Cheng on 2014-09-15 (public-webapps@w3.org from July to September 2014)

From: Daniel Cheng <dcheng@chromium.org>
Date: Mon, 15 Sep 2014 14:11:22 -0700
To: noloader@gmail.com
Cc: Arthur Barstow <art.barstow@gmail.com>, public-webapps <public-webapps@w3.org>
Message-ID: <CAF3XrKrqrG4PuDWhwWzxnhTEDZaCprX0GJBm2i4taSSc-joMJw@mail.gmail.com>

I'm not quite sure what you're asking for here. The clipboard is system
global. Why should the spec disallow a user from copying from
https://www.example.com and pasting in http://www.ads.com?

Daniel

On Mon, Sep 15, 2014 at 11:19 AM, Jeffrey Walton <noloader@gmail.com> wrote:

> On Mon, Sep 15, 2014 at 4:27 AM, Arthur Barstow <art.barstow@gmail.com>
> wrote:
> > This is a heads-up Hallvord intends to publish a WD of "Clipboard API and
> > events" and he is targeting a publication date of September 18. The ED
> >
> >   <http://dev.w3.org/2006/webapi/clipops/clipops.html>
> >
> > If anyone has any comments or concerns about this plan, please let us
> know
> > before the 18th.
> Please forgive my ignorance. But I don't see a requirement that data
> egressed from the local machine to be protected with SSL/TLS.
>
> Also, if the origin uses a secure scheme like HTTPS, then shouldn't
> the script's also require the same? That is, shouldn't the spec avoid
> fetching from https://www.example.com and then shipping clipboard data
> off to http://www.ads.com?
>
> Is these intended?
>
>

Received on Monday, 15 September 2014 21:12:30 UTC