[clipboard][DnD][DataTransfer] custom types and security

Hi public-webapps, or the sub-set of your that are interested in
clipboard and DnD stuff: we've started an interesting thread regarding
DataTransfer, custom types and security here

https://github.com/whatwg/html/issues/1244

and implementor input is especially welcome. Allow me to paste parts
of my last comment, explaining a tricky issue I'd like a wider review
of:

Regarding the custom types: obviously, if we want to enable
interoperability between the same web apps running in different
browser engines, we need to spec a shared clipboard format for custom
data. This implies that other native software will also see a "Web
browser custom data" clipboard entry (by any description after some
bikeshedding) and potentially grow features that start making use of
said "Web browser custom data" on paste/drop.

If this is considered an extremely rare use case we should not cater
for, and custom data on the real OS clipboard is considered too risky,
we can of course spec that the browsers should keep custom data
somewhere internally and augment the DataTransfer object with the
internally stored custom data as if it were on the clipboard on the
next paste (unless the OS clipboard's contents changed meanwhile).
This seems harder to test and harder to get right, but it is a
judgement call.

-Hallvord

Received on Tuesday, 7 June 2016 10:25:01 UTC