W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2014

Re: [clipboard] Semi-Trusted Events Alternative

From: Hallvord R. M. Steen <hsteen@mozilla.com>
Date: Tue, 16 Sep 2014 23:44:14 -0700 (PDT)
To: "Brian Matthews (brmatthe)" <brmatthe@cisco.com>
Cc: Ben Peters <Ben.Peters@microsoft.com>, "James M. Greene" <james.m.greene@gmail.com>, Perry Smith <pedzsan@gmail.com>, public-webapps@w3.org
Message-ID: <1596066043.26078611.1410936254586.JavaMail.zimbra@mozilla.com>
>> Not quite :) Check the list of events - mousemove isn't included:
>> http://www.w3.org/TR/html5/browsers.html#allowed-to-show-a-popup

> I was just going by where I¹ve seen pages pop up windows, and I¹ve seen
> pages that pop up windows just by moving the mouse across them.

If you see that again, please report a bug to your browser vendor so it can be properly analysed.

>> Keeping in mind that Flash has had similar policies for a while

> Isn¹t Flash limited to a region of the page? 

Not necessarily. For example, it's trivial to make a transparent Flash thingy that follows your mouse when you move it to catch any clicks.

> And I suppose that¹s the answer here too,
> someone will write an extension to block a page from modifying or reading
> the clipboard and I¹ll just use that. Although that doesn¹t help on mobile
> browsers that don¹t allow extensions.

On the timeline of a spec and its implementations, I'm almost certain you'll have a choice of mobile browsers with extension support when this spec is widely implemented in full detail ;).

Now, security/usability is a matter of trade-offs and balances. It's valuable to try to imagine all sorts of abuse that might occur, but it's also a bit like thinking of all the bad things that *might* happen if you left the house. Most of us still go outside many times a week.
Received on Wednesday, 17 September 2014 06:44:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:26 UTC