W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2014

Re: [clipboard] Semi-Trusted Events Alternative

From: Brian Matthews (brmatthe) <brmatthe@cisco.com>
Date: Wed, 17 Sep 2014 00:23:52 +0000
To: "Hallvord R. M. Steen" <hsteen@mozilla.com>
CC: Ben Peters <Ben.Peters@microsoft.com>, "James M. Greene" <james.m.greene@gmail.com>, Perry Smith <pedzsan@gmail.com>, "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <D03E1F93.84C4%brmatthe@cisco.com>
>> a page can wipe out my entire clipboard history if I move my mouse over
>>it.

> Not quite :) Check the list of events - mousemove isn't included:
> http://www.w3.org/TR/html5/browsers.html#allowed-to-show-a-popup

I was just going by where Iıve seen pages pop up windows, and Iıve seen
pages that pop up windows just by moving the mouse across them. I canıt
remember where so canıt provide examples. However, even if we assume that
was something else (browser bug, user error :-) ), the fact that just
clicking anywhere on a page is enough to allow the page to stuff something
in my clipboard is concerning.

> Keeping in mind that Flash has had similar policies for a while and
>"some site put weird stuff on my clipboard" hasn't been a frequent
>complaint so far (and AFAIK hasn't been needed as defence in court yet),
>I think and hope we're shipping a reasonable and balanced policy here.

Isnıt Flash limited to a region of the page? That is, the Flash clipboard
copier canıt catch a click anywhere on the page, just in the region the
Flash script is running in. Or can a page have a transparent Flash that
covers the whole page? I run with FlashBlock so I donıt know a lot about
all the things Flash can do. And I suppose thatıs the answer here too,
someone will write an extension to block a page from modifying or reading
the clipboard and Iıll just use that. Although that doesnıt help on mobile
browsers that donıt allow extensions.

Brian
Received on Wednesday, 17 September 2014 00:24:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:26 UTC