- From: Hallvord R. M. Steen <hsteen@mozilla.com>
- Date: Mon, 15 Sep 2014 14:15:17 -0700 (PDT)
- To: "Brian Matthews (brmatthe)" <brmatthe@cisco.com>
- Cc: Ben Peters <Ben.Peters@microsoft.com>, "James M. Greene" <james.m.greene@gmail.com>, Perry Smith <pedzsan@gmail.com>, public-webapps@w3.org
>> * copy/cut: we allow writing to the clipboard when copy/cut events are
>> triggered from trusted UI, and when document.execCommand('copy') and
>> document.execCommand('cut') are called from any JS thread that would be
>> allowed to open a popup (i.e. generally in response to user interaction)
> So does this mean that any page that can pop up a window today will be
> able to put stuff on my system clipboard?
Yes. That's the plan.
I know there is a nuisance concern - but in theory, that would more or less regulate itself because sites that abuse this to, say, paste advertisments to your clipboard would be detested by users, and would loose market share as a result of their shenanigans. Much like popup advertising: the popup blockers are, as you say, not *very* effective. They can easily be circumvented by making the user click something - anything - inside a page. But how many high-profile sites use popup ads today? Very few. The limitations popup blockers put in place - and the competitive pressure that brought popup blocking to all browsers - was a sufficiently strong indication that popups were a detestable nuisance, and they largely disappeared. I sometimes even surf the web with the popup blocker disabled, out of interest.. Popups are very few indeed :)
> I really don¹t want a browser putting anything on my clipboard unless I
> explicitly tell it to, and moving the mouse on a page or clicking anywhere
> on a page (both things I¹ve seen trigger popups) isn¹t me being explicit.
Some users will certainly feel that way, and pretty much every modern browser makes it trivial to override this functionality from an extension for those who want to do so.
-Hallvord
Received on Monday, 15 September 2014 21:15:44 UTC