Meeting minutes
<whsieh> hm..the Meeting Invite link on https://
<Travis> ? hmm. I guess we pick one?
<Travis> I'm going to join https://
Action: fix the meeting link so that it points to https://
we start with editing repo
<Travis> Starting with Agend+ items here: https://
anything else than github issues?
travis: nothing else
<Travis> https://
travis: they want demo videos for the WG for tpac. do we have any?
good because precorded will not show errors like live demos.
do we want to do any?
we need list by Sep 15
not sure there is anything beyond just informing
johannes: make fun video if we don't have anythign serious
bo: there are sopme samples
<Travis> https://
so you can see what other groups have done in the past.
I have seen demos of technology mixed in with those
we recently shipped virtual keyboard api. we have a few things that are materializing
I want to plus+ fun spirit
we can help provide material. follow up offline
Action: johanneswilm to orchestrate putting together a fun demo plan; working with BoCupp offline on extra specific demos.
<Travis> https://
travis: contains multiple comments
anupam: can give demo
[anupam presents clipboard picking api]
*pickling api
whsieh: ryosuke touched on this. we have same concerns. we are confused we why need this...
sldies show a little of that. native apps have to explicitly opt into this
native apps can always read non-sanitized data
we write two versions on clipboard
native app dev: if they ask for default mimetype, they get sanitized version. but they can also get the unsanitized version. that is already possible today
bo: you say just don't use a unsanitized version? you are producing both all the time
whsieh: correct. custom formats only show in unsanitized version. standard ones, like html, will always be available as html
native app devs need to go through extra steps
to get the unsanitized version. it's quite difficult, but we can fix that on our platform.
bo: another part is that represenation of this format.... anupam will present next time how json can be used as standard container for unsanitized types
bo: winodws has limit on number of formats. could we at least change how we put them on the clipboard even if we keep everything else the same
whsieh: interetsing.... one could imagien all browsers on same OS use same picklign system to make it interoperable/compatible
whsieh: ryosuke/me: this is mostly a platform consistency problem
bo: you might want something that is more OS dependent. but I still think it would be good to have a common way of doing it. maybe we need adjustment for mac.
right now there are so many differnet ways of adding it in there and no standard
whsieh: this should be solved by the platform. we have discussed how to expose this to devs on mac os
whsieh: should be solved by platform
bo: when we talk about unsaitized way of adding to clipboard.... wanted to specify that web apps can also read from this
can web apps read this extra info, which we oput into the head of the document
?
we'd like to have a way to say "give me the contents of the format as it was put there with no cleaning. we need to do that for all the different formats that are non-satndard
"
whsieh: wouldn't that include data that is problemaitc security wise?
bo: no, because it would only be the data that the native app would add as a web format.
If web app wants it all without removing scripts, for example, can they do that?
whsieh: native apps can do more right now. word adds contact infor in comments for example.
we only allow web apps to receive the sanitized version
but within the same app, we don't sanitize it
there is an origin identifier in pasteboard
so that the native editor can add "excel online" as the origin and then it will be allowed to be pasted into that webpage unsanitized
bo: is it possible to wildcard origin?
to allow pasting everyhwere
whsieh: not currently
BoCupp: if native app says "this should be pasteable everywhere" then that should also work on web
for example photyoshop
whsieh: we might be able to consider
whsieh: big step to move from one domain to all domains.
difficult to say where on the spectrum we should falll
<Travis> johanneswilm: for me, the easiest solution, would be to add the special excel formula into a data- attribute in the sanitized HTML. (Rather than an new clipboard format.)
<Travis> .. I recognize that the data- attribute is sanitized out... seems like the same security risk. From my JS editor perspective, seems like less effort?
anupam: that would work with some but not all. for example charts will be translated into just an image
BoCupp: I like the idea that sometimes you want a little more metadata. maybe a cors like mechanism
whsieh: will continue discussion on this on github
anupam: let's continue discussing in github issue
bo: we can bring up issues of both read and write in that issue. possibly creating new issues
<Travis> https://
<Travis> https://
BoCupp: I know there are soms slides, but we only have 10 min
anupam: proposal has many issues. [presents setData using the HTML document]
anupam: proposal is to use sanitizer API, et.c
bo: we have just 5 min. motivation is that we want to standaridze how to write html to clipboard as currently browsers work differently
some currently expect to add a full html page,. others just a fragment. this will allow both.
bo: at firefox they said "why would you standardize pickling when you haven't even standardized how to put html content on clipboard."
whsieh_: think it's great to standardize aspects
. but I wonder about dom parser. we would want to strip out things like comments
BoCupp: second step is to run it through sanitizer and it has some options like remove comments, etc.
he is here proposing to use default settings which will not strip out comments, but that could be discussed
whsieh: important to us only to show visible content.
BoCupp: would be hard to do on write
whsieh_: on webkit we create an entirely new page. we load everything in it using the same rendering engine. then we'd run ctrl+a ctrl+c on that page
whsieh_: it's not perfect. but it's something
BoCupp: I understand the privacy preserving stuff. I think there are some limits there
Travis: we are +2 minutes
Travis: we will continue discussion
Travis: virtualkeyboard - we wanted to autopublish. if you disagree, please let us know today
BoCupp: another meeting in two weeks
johanneswilm: would that be our tpac meeting?
BoCupp: we can make an issue on that
tracis: see you next time
<Travis> Filed the issue about meeting again in two weeks: https://