ISSUE-85: What are common security practices for Clipboard APIs?
clipops security practice
What are common security practices for Clipboard APIs?
- State:
- POSTPONED
- Product:
- HISTORICAL: Clipboard Operations [this spec uses Bugzilla for all Bug/Issue tracking http://tinyurl.com/Bugz-clipboard-apis]
- Raised by:
- Charles McCathie Nevile
- Opened on:
- 2009-03-09
- Description:
- What are the common security restrictions and considerations that should be listed in the clipboard apis spec?
- Related Actions Items:
- No related actions
- Related emails:
- Re: ISSUE-85 (clipops security practice): What are common sucrity practices for Clipboard APIs? [Clipboard Operations] (from paul@activemath.org on 2009-03-10)
- Re: ISSUE-85 (clipops security practice): What are common sucrity practices for Clipboard APIs? [Clipboard Operations] (from joaoe@opera.com on 2009-03-09)
- ISSUE-85 (clipops security practice): What are common sucrity practices for Clipboard APIs? [Clipboard Operations] (from sysbot+tracker@w3.org on 2009-03-09)
Related notes:
I think the write/read distinction proposed by João in email of 2009-03-09 is interesting but I haven't yet convinced myself that having a more complex model is worth the complexity. Right now, per spec, sites *have* write access by default if the UA is certain of the user's intention to trigger a copy/cut action (i.e. using UA menus or shortcuts like ctrl-x/ctrl-c). The gain from adding a separate pref to allow sites to call document.execCommand('copy') yet not allow document.execCommand('paste') seems rather small.
Hallvord Steen, 1 Mar 2013, 13:59:31Display change log