W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2014

Re: [clipboard] Semi-Trusted Events Alternative

From: Hallvord R. M. Steen <hsteen@mozilla.com>
Date: Tue, 16 Sep 2014 02:30:43 -0700 (PDT)
To: "Brian Matthews (brmatthe)" <brmatthe@cisco.com>
Cc: Ben Peters <Ben.Peters@microsoft.com>, "James M. Greene" <james.m.greene@gmail.com>, Perry Smith <pedzsan@gmail.com>, public-webapps@w3.org
Message-ID: <2054849990.25865618.1410859843511.JavaMail.zimbra@mozilla.com>
> a page can wipe out my
> entire clipboard history if I move my mouse over it.

Not quite :) Check the list of events - mousemove isn't included:
http://www.w3.org/TR/html5/browsers.html#allowed-to-show-a-popup

I agree that all the concerns you listed are real. I recall an article I've seen about a court case against a teacher because a school computer was infected with malware and happened to display some porn during this teacher's class. I think this was in the U.S. or UK, so even the countries we tend to think have the most developed legal systems have problems with basic tech literacy! It's a sad fact that the web is implemented in such an imperfect world..and we should definitely keep that in mind.

However, I hope that checking the list of events will help - the policy has more limitations than you seem to think. I still think that the popup precedent gives us reason for some optimism - it also shows that if an aspect of web technology is abused and causes nuisance, browser vendors will step up to implement limitations. I think in the long run, this is also the case with clipboard APIs - we're spec'ing something trying to balance the usability and trust issues, if we get it right we've enabled some more functionality for web apps without too much nuisance and abuse - if we get it wrong, we probably have to revisit this and lock it down with site whitelists and such. Keeping in mind that Flash has had similar policies for a while and "some site put weird stuff on my clipboard" hasn't been a frequent complaint so far (and AFAIK hasn't been needed as defence in court yet), I think and hope we're shipping a reasonable and balanced policy here.
-Hallvord
Received on Tuesday, 16 September 2014 09:31:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:26 UTC