W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2014

Re: [clipboard] Semi-Trusted Events Alternative

From: Brian Matthews (brmatthe) <brmatthe@cisco.com>
Date: Wed, 17 Sep 2014 00:23:52 +0000
To: "Hallvord R. M. Steen" <hsteen@mozilla.com>
CC: Ben Peters <Ben.Peters@microsoft.com>, "James M. Greene" <james.m.greene@gmail.com>, Perry Smith <pedzsan@gmail.com>, "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <D03E1F93.84C4%brmatthe@cisco.com>
>> a page can wipe out my entire clipboard history if I move my mouse over

> Not quite :) Check the list of events - mousemove isn't included:
> http://www.w3.org/TR/html5/browsers.html#allowed-to-show-a-popup

I was just going by where Iıve seen pages pop up windows, and Iıve seen
pages that pop up windows just by moving the mouse across them. I canıt
remember where so canıt provide examples. However, even if we assume that
was something else (browser bug, user error :-) ), the fact that just
clicking anywhere on a page is enough to allow the page to stuff something
in my clipboard is concerning.

> Keeping in mind that Flash has had similar policies for a while and
>"some site put weird stuff on my clipboard" hasn't been a frequent
>complaint so far (and AFAIK hasn't been needed as defence in court yet),
>I think and hope we're shipping a reasonable and balanced policy here.

Isnıt Flash limited to a region of the page? That is, the Flash clipboard
copier canıt catch a click anywhere on the page, just in the region the
Flash script is running in. Or can a page have a transparent Flash that
covers the whole page? I run with FlashBlock so I donıt know a lot about
all the things Flash can do. And I suppose thatıs the answer here too,
someone will write an extension to block a page from modifying or reading
the clipboard and Iıll just use that. Although that doesnıt help on mobile
browsers that donıt allow extensions.

Received on Wednesday, 17 September 2014 00:24:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:26 UTC