W3C home > Mailing lists > Public > www-tag@w3.org > June 2010

Re: Copy to Clipboard - ambush and abuse by javascript

From: L. David Baron <dbaron@dbaron.org>
Date: Fri, 4 Jun 2010 19:27:08 -0700
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: ashok.malhotra@oracle.com, Noah Mendelsohn <nrm@arcanedomain.com>, Tim Berners-Lee <timbl@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <20100605022708.GA12778@pickering.dbaron.org>
On Wednesday 2010-06-02 16:22 -0700, Roy T. Fielding wrote:
> While I support the notion of not messing with the cut buffer
> for UI sanity (i.e., allowing this is a browser bug), I think
> it is pointless to argue about this tool as a legitimate means
> of copy control.

I don't think it's reasonable to expect browsers to enforce user
expectations on copying given a "malicious" Web page.  There are a
large number of ways to hide text, such as positioning it offscreen,
using a very small font size, making it alternate content for a
small image, positioning other content on top of it, etc.  And we
certainly still want to allow copying of text that's offscreen so
users can copy large pieces of text.

The ability to manipulate what a user is copying is also important
for applications on the Web.  If you're using a Web app like Google
Docs, you want copy to copy a useful representation, not the
internal representation that the editor uses.  If you're copying
data from a spreadsheet that auto-formats numbers by inserting
commas every three digits in the displayed value, you may well want
to copy the value without the displayed commas that are not really
part of the data, just part of the display.  For some more examples,
see https://bugzilla.mozilla.org/show_bug.cgi?id=280959#c6 .


L. David Baron                                 http://dbaron.org/
Mozilla Corporation                       http://www.mozilla.com/
Received on Saturday, 5 June 2010 02:28:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:34 UTC