- From: Daniel Cheng <dcheng@chromium.org>
- Date: Mon, 15 Sep 2014 14:11:22 -0700
- To: noloader@gmail.com
- Cc: Arthur Barstow <art.barstow@gmail.com>, public-webapps <public-webapps@w3.org>
Received on Monday, 15 September 2014 21:12:30 UTC
I'm not quite sure what you're asking for here. The clipboard is system global. Why should the spec disallow a user from copying from https://www.example.com and pasting in http://www.ads.com? Daniel On Mon, Sep 15, 2014 at 11:19 AM, Jeffrey Walton <noloader@gmail.com> wrote: > On Mon, Sep 15, 2014 at 4:27 AM, Arthur Barstow <art.barstow@gmail.com> > wrote: > > This is a heads-up Hallvord intends to publish a WD of "Clipboard API and > > events" and he is targeting a publication date of September 18. The ED > > > > <http://dev.w3.org/2006/webapi/clipops/clipops.html> > > > > If anyone has any comments or concerns about this plan, please let us > know > > before the 18th. > Please forgive my ignorance. But I don't see a requirement that data > egressed from the local machine to be protected with SSL/TLS. > > Also, if the origin uses a secure scheme like HTTPS, then shouldn't > the script's also require the same? That is, shouldn't the spec avoid > fetching from https://www.example.com and then shipping clipboard data > off to http://www.ads.com? > > Is these intended? > >
Received on Monday, 15 September 2014 21:12:30 UTC