Clipboard API and events

W3C Working Draft 23 February 2012

This version:
Latest version:
Latest editor's draft:
Previous version:
Hallvord R. M. Steen, Opera Software
Clipboard Operations for the Web 1.0: Copy, Paste, Drag and Drop. W3C Working Draft 15 November 2006 This version: http://www.w3.org/TR/2006/WD-clipboard-apis-20061115/ Latest version: http://www.w3.org/TR/clipboard-apis Editors: Charles McCathieNevile , Opera Software Doug Schepers, Vectoreal


This document describes apis APIs for clipboard operations such as copy/cut and paste, or drag copy, cut and drop paste in web applications.

Status of this This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

This document is the First Public Working Draft prepared of Clipboard Operations from the Web API group , part of was published by the Rich Web Client Activity. In large part it describes the functionalities Applications Working Group as implemented in Internet Explorer, and has not been sufficiently tested in other browsers yet. The intention of this document is where possible to specify what actually works in current browsers, or is a simple target for Working Draft. If you wish to make comments regarding this document, please send them to improve interoperability, rather than adding new features. public-webapps@w3.org ( subscribe , archives ). All feedback is welcome. A second diff with the previous version of this specification may be produced which extends that functionality in various ways which have proven useful. is available.

Publication as a Working Draft does not imply endorsement by the W3C Membership. This document is published to solicit comments from interested parties. All comments are welcome a draft document and may be sent to public-webapi@w3.org . All messages received updated, replaced or obsoleted by other documents at this address are viewable in a public archive . After reviewing comments and further feedback, the Working Group intends any time. It is inappropriate to publish a new Working Draft of cite this document at the beginning of 2007. as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy . W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy .

Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

Table of Contents

1. Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words must , must not , required , should , should not , recommended , may , and optional in this specification are to be interpreted as described in [ RFC2119 ].

2. Introduction

This section is informative

This specification defines the common clipboard operations of cutting, copying and pasting, in such a way that they are exposed to Web Applications and can be adapted to provide advanced functionalities. Its goal is to provide for compatibility where possible with existing implmentations. Recognising that "drag and drop" operations are essentially a common user interface extension of cut or copy, move, and paste, it also defines how the events currently implemented for "drag and drop" operations relate to the less device-specific approach of general clipboard operations. A common interface design in the traditional WIMP (Windows, Icons, Mouse Pointer) interface is to move the pointer to an icon or to a highlighted selection, press the mouse key and drag a copy of the icon to the target where s/he wants to drop the object, then release the mouse key. There are, of course, many alternatives. In a graphic user interface without a mouse a user might select an object for dragging through a context menu, navigate to another object through standard navigation, and then select to drop the held object. implementations.

3. Use Cases

This section is informative

There are many use cases for being able to change the default clipboard operations (cut/copy/paste, and the related drag-and-drop). (cut/copy/paste). We have colected collected a few samples to demonstrate possible uses, although these may not all be supoprted supported by this specification.

Advanced application interfaces

Rich content editing

Allowing for interfaces that use a thumbnail image to refer to a block of content, When copying text which can then contains hyperlinks or other structure, it is often useful to be dragged able to insert reformat the block of content represented in another part of a to preserve important information.

Graphics with built-in semantics

In order to make web page. The common Drag-and-drop pardigm must be implementable in applications which allow the manipulation of rich text, or of graphic content such a way that as SVG, it is accessible to users who are unable useful to use a mouse (such as those on provide a phone where there is no mouse) and must rely on keyboard or other interfaces. mechanism that allows for copying more than just the rendered content.

Mathematical information

With content such as mathematics, simply copying rendered text and pasting it into another application generally leads to most of the semantics being lost. The following example, when copied, typically adds two lines containing the text "2 x = 7" to the clipboard. But in the MathML source of this text, and for any human reader familiar with normal western conventions for mathematical layout, this leads to incorrect copying. The first line would often needs to be transformed to be better, if copied as plain text, as "2^x = 7", or if for example to make sure "to the power of" is shown with the caret "^" sign in a formula plain-text input. The XML source could also be placed in the clipboard with the appropriate transformation occurring when pasting. Example 1: Mathematical information at paste time.

The equations "2^x = 7" and "2x = 7" represented in Presentation MathML contain the same sequence of characters, but have different semantics. 4. Events

Rich content editing 4.1 Event types and details

Similarly, when copying text which contains hyperlinks or other structure, it This section is often useful to be able to reformat informative. Implementation details are given in the content to preserve important information. processing model section.

4.1.1 copy event

And in order to make web applications which allow When the manipulation of rich text, or of graphic content such as SVG, it user initiates a copy operation, the implementation fires a clipboard event named copy . Its default action is useful to provide a mechanism that allows for copying more than just place the rendered content. selected data on the clipboard.


The terms must , should , may , must current selection is not , should affected.

If there is no selection, the clipboard is not , are used in this document modified except if the default action is prevented and the script has added entries in accordance with [ RFC2119 the DataTransferItemList ]. A conformant implementation of this specification meets all requirements identified , for example by calling the use of these terms. setData() method.

Security issues

4.1.2 cut event

Enabling authors to change what is copied by When the user initiates a user, or to make cut operation, the implementation fires a clipboard event named cut . In an automated copy of something that was never selected and allowing unrestricted calls to paste information can raise various security concerns. If these operations are allowed editable context, its default action is to transfer place the selected data across documents from different sources then there are even greater risks imaginable. On on the other hand there are valid reasons for allowing this in clipboard and remove the right circumstances. selection from the document.

An example scenario of In a problem non-editable context, or if there is where a user selects a link and copies it, but a different link no selection, the cut event's default action is copied to the clipboard. do nothing. The effect of this can range from an unexpected result on pasting to an attempted "phishing" attack. Authors be aware that User Agents will typically restrict what implementation fires the event regardless. If the default action is possible to content they consider "safe", or trusted by do nothing, the user. For example, it may clipboard is not be possible to launch some of modified except if the operations from script, such as requiring an actual (not simulated or script-generated) user default action to paste or drop. is prevented and the script has added entries in the DataTransferItemList .

Implementors should carefully consider The cut event fires before the security implications of implementing this specification, and provide appropriate protection for users against malicious use, such as restricting access to selected data is removed. When the functionalities according to how trusted cut operation is completed, the source selection is collapsed.

If content in the document is selected, the default action of a function call is, or informing the user when something other than rendered content copy event is copied to place the selection on the clipboard. This specification will attempt to highlight all areas where possible security issues arise, but If content is selected and the final responsibility for making decisions about what to allow rests with user agent implementors. Note that this selection is not done in an editable context, the current draft. @@Issue: identify what default action of a cut event is to place the restrictions generally used are, as some guidance selection on interoperability User Interface Issues This section is informative This specification does not define all the user interface modes that can be used to select content, but this section attempts to provide a survey of some common ones. Authors clipboard and implementors should be aware that remove it from the precise User Interface details will vary according document. Hence, the script calling setData() also needs to cancel the use case and platform, default action of the event with different methods applying for Mouse/Keyboard and window based interfaces Keyboard only interface Voice interfaces Stylus-based interfaces Restricted keyboards, such as event.preventDefault(). Otherwise, the data the script intends to place on mobile telephones Multimodal interfaces, where part of an operation may the clipboard will be initiated through voice while another part is controlled through a stylus, or other combinations overwritten by the default action.

4.1.3 paste event

Many of these When the user interfaces have developed common interaction paradigms (in initiates a paste operation, the case of implementation fires a clipboard event named paste . The event fires before any clipboard data is inserted.

If the common mouse/keyboard/window interface there are several which are expected cursor is in an editable element, the default action is to interact seamlessly) insert clipboard data in the most suitable format supported for copy and the given context.

The paste at least. Other may be less common and have event has no emerging convention, while other interfaces may be developed. In each case, the events and results described below should be mapped by default action in a non-editable context, but the platform to particular user interaction. event fires regardless.

Another method that can be used When pasting, the drag data store mode flag is to provide read-only , hence calling setData() from a copy/paste paste event handler will not modify the data that is inserted, and copy special/paste special set of operations, to distinguish between copying simple or structured content to not modify the data on the clipboard.

Select, Cut, Copy, Paste

5. Processing model

These are well-understood operations for users. There are the general steps to follow when firing clipboard events fired during selection, cut/copy and paste in some systems already which can .

  1. Let the event object's clipboardData property be captured, cancelled, and whose effects can a DataTransfer object [ HTML5-DND ]
  2. Let clear-was-called be overwritten. In particular, what is copied to false
  3. Let types-to-clear be an empty list
  4. Let clipboard-entry be the sequence number of the current clipboard may content, or null if the OS clipboard does not support sequence numbers
  5. If the context is editable, let event target be the rendered content element that contains the start of the selection in document order, or the BODY element if there is selected, no selection or may cursor. If the context is not editable, let event target be some other modified version. (See security implications and annoying the user, and focused node, or the setData method's ). BODY element if no node has focus.
  6. If the event type is paste

    Set the associated DataTransfer object's drag data store mode flag to read-only

    Each copy-paste operation has 4 distinct phases: For each part on the OS clipboard, carry out these steps:

    Source Selection If the current clipboard part contains plain text:
    This typically uses
    1. Ensure the standard selection mechanism text is in the encoding the scripting engine uses internally
    2. Add one entry for the system User Interface text to set the source node DataTransferItemList for any clipboard operation. with drag data item kind set to string and drag data item type string set to text/plain
    Copy If the current clipboard part represents file references:
    This uses the setData method
    1. Determine MIME type of referenced files
    2. Add one entry per file reference to copy the source node DataTransferItemList to the clipboardData object. It with drag data item kind set to may file also copy the and drag data item type string set to a dataTransfer object. @@Issue: This makes drag and drop more flexible, e.g. for accessibility. the corresponding MIME type

      What is if the downside? MIME type is unknown? Use application/octet-stream?

    Target Selection/Content Confirmation If the current clipboard part contains HTML- or XHTML-formatted text, according to the operating system's convention for describing such clipboard formats
    In a typical usage scenario, this will in fact

    If the implementation supports pasting HTML, the implementation must process the markup according to the following steps:

    1. Add one entry to the DataTransferItemList with drag data item kind set to Plain Unicode string , drag data item type string set to text/html or application/xhtml+xml accordingly. Let mainPartIndex be the same user interface mechanism that is used for Source Selection. It sets index of this entry in the current target DataTransferItemList . Content Insertion into Target This fires
    2. Extract the markup from the clipboard and use the relevant parser to construct a paste event on DOM tree
    3. If the current target . The default effect markup's source URL is that where applicable (for example known, resolve all relative URLs in editable text such HREF and SRC attributes using the source URL as an input) base URL, and set the content which is held in respective attributes to the clipboard is inserted at resolved absolute URL
    4. If the target. The markup's source content may be either structured or unstructured. Unstructured content URL is known, and the origin differs from the origin of the document the paste event will fire on, the user agent may apply a single simple type such as text or an image bitmap. Structured content cross-origin HTML paste sanitization algorithm
    5. If the markup's origin is composed either of mixed content types, or from a combination of several items local application, check whether there are references to local files and/or other parts of the same content type. @@Issue: Actually, this isn't how it works in IE. We should think about this bit more... Selection may OS clipboard's contents. If such references are found, references to sub-parts must be accomplished replaced by content-id references using the cid: URL scheme [ RFC2392 ]. To do so, process each attribute referencing a local file or clipboard part according to the following steps:
      1. Let itemNumber be the number of means - see User Interface Issues above. items on the DataTransferItemList
      2. Choose the appropriate steps from this list:

        If the DataTransferItemList copy places a copy of the current DataTransfer object selected into already contains an entry for the referenced file or clipboard part
        set itemNumber to the index of the existing entry
        1. Add a clipboard. The current selection must not be affected. new entry to the DataTransferItemList with cut index should delete the object selected, set to itemNumber , drag data item kind set to "file", and place it into drag data item type string set to the clipboard. In MIME type of the case file or clipboard part if known.

          If unknown..? Should we simply ignore embeds with file types we don't "know"?

        2. Let the new entry's internal file name be the file name part of read-only content (such as a document which is not editable by the user) HTML attribute contents
        3. Let the content should not new entry's last modified date be removed, but the timestamp of the referenced file or 0 if the entry references a copy clipboard part
      3. Update the DOM attribute that referenced the local file or clipboard part to contain the string 'cid:' followed by itemNumber .
    6. Serialize the processed DOM and update the DataTransferItemList entry referenced by mainPartIndex with the resulting HTML code
    If the current clipboard part contains data in another supported binary or text-based format :
    1. Determine the MIME type of the data
    2. Add one entry to the DataTransferItemList with drag data item kind set to should be placed file , drag data item type string set to the corresponding MIME type
    Do nothing

    Update the files property to match entries in the keyboard as for a copy operation. [@@Issue: nice idea, does it reflect current reality? Opera/Safari on Mac don't do that...] . DataTransferItemList .

    Update the paste types triggers an event on property to match entries in the current target (usually DataTransferItemList .

    Copy / cut event

    Set the current selection). @@Issue: For associated DataTransfer object's drag and drop compatibility should it trigger data store mode flag to drop read/write and paste , or vice versa?

    Drag and drop processing
  7. Drag Fire the event [ DOM-LEVEL-2-EVENTS ]. Implementation requirements for access to data during event dispatch are defined in [ HTML5-DND ]. Some additional clipboard event-specific processing rules are given below:

    If script calls clearData() or items.clear() and drop the DataTransfer object's drag data store mode flag is essentially a special case of a cut read/write
    set the clear-was-called flag to true. If an argument is given, add the argument to the types-to-clear list.
    If script calls setData() or copy, moving modifies items and the clear-was-called flag is true
    If the types-to-clear list is empty
    set the clear-was-called flag to select some false
    else, if setData() 's type argument or the new target, and then a paste operation, which item's drag data item type string is implemented for mouse-based devices. The main differences found in drag-and-drop are that the object being dragged types-to-clear list
    remove it from the list. If the list is can fire a dragover event on various possible targets before being dropped onto them, now empty, set the clear-was-called flag to false
    If script calls getData() or accesses items in the DataTransferItemList and clipboard-entry is set
    check that the object selected clipboard data's sequence number matches clipboard-entry . If the clipboard no longer contains the same entry, set the DataTransferItemList object's drag data store mode to the disabled mode

    Warning: A malicious script listening to a paste event may be copied set up a never-ending loop in order to read what the user places on the clipboard in the future. On platforms where a temporary drag-specific clipboard. Compare clipboard sequence number is not available, other limitations should be implemented.

  8. Process the default action or the data from the script per the following phases with those in copy and paste: instructions:

    Source Selection Paste event
    This may use
    If the same user interface mechanism as for copy and paste ( @@Issue: event was cancelled
    Do nothing, terminate this algorithm.
    If the cursor or selection is in an editable context, insert the data from the clipboard and queue tasks to fire any events that should fire due to the same events? ). modification, see interaction with other events for details
    Copy Initiation / cut event
    In a typical Drag and Drop implementation, this
    If the event is initiated by dragging was cancelled

    Update the currently selected source. This must fire a dragstart event. It must copy clipboard contents with the source node into dataTransfer . It should set data from the effectAllowed property to determine whether a drag operation copies, moves, links, etc script, as given by the source node. See [ MDT DataTransferItemList ] for further documentation . Process each part as follows:

    If the list of how this works items is empty and the clear-was-called flag is true
    If the types-to-clear list is empty
    Clear the clipboard
    Remove types in Internet Explorer. ( @@Issue: Can it just use the copy interface? Where does dataTransfer come from? Can you start a drag using types-to-clear list from the existing copy buffer? ) clipboard in an operating system and implementation-specific way
    Target Selection If data type is text/plain
    This process
    1. Ensure encoding is repeated, and fires three events: dragenter , dragover , correct per OS and dragleave . This may be locale conventions
    2. Normalize line endings according to platform conventions
    3. Place text on clipboard

    Place part on clipboard with the same mechanism as used for selection, although typical implementations provide a seperate mechanism. These events appropriate OS clipboard format description

    Note: Due to limitations in the implementation of operating system clipboards, scripts should not fired assume that custom formats will be available to other applications on the source, so until system. For example, there is a dragenter event fired, a drop event should not be fired. Any action which would have caused a drop limit to how many custom clipboard formats can be fired before registered in Microsoft Windows. While it is possible to use any dragenter event has fired should cancel the drag. string for setData()'s type argument, sticking to well-known types is strongly recommended.

    Content Insertion into Target Otherwise
    When a drop operation
    If there is performed, a drop event is fired at selection
    Place contents of selection on the target. In order to protect clipboard
    If the user from pasting unexpected content, user agents event was a may cut not allow this event to be fired when not triggered by direct user interaction. In a drag operation this normally destroys and the dataTransfer object. @@Issue: what context is editable, remove selection contents and collapse the selection

    Do nothing, terminate this algorithm

    Calling setData() without calling preventDefault() has no effect, even if there is no selection - the operation default action is not successful? to do nothing.

6. Clipboard event interfaces

However it The ClipboardEvent interface extends the Event interface [ DOM-LEVEL-2-EVENTS ].

The interface can be used to construct event objects per [ DOM-CORE-DRAFT ]. An example is implemented in an interface, drag and drop operations must have given below:

var pasteEvent = new ClipboardEvent('paste', { bubbles: true, cancelable: true, dataType: 'text/plain', data: 'My string' } );

There should be a starting point (e.g. where the mouse was clicked, or the when way a selection or element script can check if a clipboard format is selected for the drag), may have any number of intermediate steps (elements that registered and whether the mouse moves over during a drag, or elements that implementation allows writing this format to the user picks as possible drop points clipboard! event.clipboardData.isTypeSupported('mime/type')? "Supported" means: if you give me data labelled as she cycles through possibilities), this type, I know the OS description and must either have an end point (the element above which (if applicable) the mouse button was released, or relevant meta data and formatting for this type, and can write it to the element clipboard so that was finally selected), other native apps can make use of it. If data labelled with the OS's native name or be canceled. The end point must be constant for this type is on the last element selected as clipboard, I can map it to the mime type and extract the data in a possible drop point before way the drop occurs. If there script can use. Additionally, if a blob of data in this format is no dragenter event fired after dropped on my window, I'll know what to do about it, and if you drag this data *from* my window to another application on the system, I can format and label it in a dragstart , then way the drop targe app will understand."

A synthetic paste event should must not be cancelled, but give a script access to data on the real system clipboard. Synthetic cut and copy events may must not be fired modify data on the source node . system clipboard.

Then, regardless of whether the Synthetic paste events do not have any default action. Even if such an event was canceled or not, drag feedback (e.g. the mouse cursor or other clear indication to is dispatched in an editable context, the user) implementation should must not be updated to match the kind of operation indicated by the event's dataTransfer object's dropEffect attribute, as follows: @@Issue: More info about setting the dropEffect would be useful insert any data.

dropEffect Drag operation none No operation allowed. copy Data will be copied. link
dictionary ClipboardEventInit : EventInit {
    attribute DOMString data;
    attribute DOMString dataType;
Data will be linked.

Data will be moved. The following events are involved in the drag-and-drop model. They all use the DragEvent interface. (these fire on-* events in IE 5+ @@Issue: and IE7? 6.1 Dictionary Event Name Target Bubbles/Cancelable? (yes/yes unless noted) dataTransfer ClipboardEventInit dropEffect Members

Default Action
dragstart data of type Source node attribute DOMString
The setData method places data of the synthetic clipboard event
source node dataType of type attribute DOMString in either clipboardData or dataTransfer. @@Issue: if it sets clipboardData is should also set dataTransfer, no?
A MIME type [ none RFC2046 Initiate ] describing the drag-and-drop operation drag data the event is being initialized with
[Constructor(DOMString type, optional ClipboardEventInit eventInitDict)]
interface ClipboardEvent : Event {
    readonly attribute DataTransfer clipboardData;
Source node

6.2 Attributes

âÄî none Continue the drag-and-drop operation
dragenter clipboardData of type Immediate user selection DataTransfer or , readonly

The clipboardData attribute is an instance of the body element DataTransfer âÄî Based on effectAllowed value Change interface which lets a script read and manipulate values on the current target element system clipboard during user-initiated copy, cut and paste operations. The associated drag data store is a live but filtered view of the system clipboard, exposing data types the implementation knows the script can safely access.

The clipboardData object's items and files properties enable processing of multi-part or non-textual data from the clipboard.

immediate user selection

7. to Integration with other scripts and events

Integration with rich text editing APIs

If an implementation supports the element this document.execCommand method and allows calling it with the commands "cut", "copy" and "paste", the implementation must fire the corresponding events. The event is fired on. @@Issue: syncronous and may prevent the execCommand() call from having its normal effect.

Interaction with other events

If it the clipboard operation is fired triggered by keyboard input, the implementation must fire the corresponding event as the default action of the keydown event that initiates the clipboard operation. For example, if the user presses Ctrl-C to copy, dispatching a copy event must be the default action of the C key's keydown event. The event is asynchronous but must be dispatched before keyup events for the relevant keys.

The default action of the cut and paste events may cause the implementation to dispatch other supported events, such as textInput, input, change, validation events, DOMCharacterDataModified and DOMNodeRemoved / DOMNodeInserted. Any such events are queued up to fire after processing of the cut/paste event is finished.

The implementation must not dispatch other input-related events like textInput, input, change, and validation events in response to the copy operation.

Event listeners that modify selection or focus

If the event listener modifies the selection or focus, the clipboard action must be completed on the body, this text isn't right... dragleave modified selection.

Previous 8. target element Pasting HTML and multi-part data

8.1 Security risks

Not cancelable âÄî This section is informative. none

There are certain security risks associated with pasting formatted or multi-part data.

To determine what policies to use, the factors we consider are

This is an overview of the scenarios and the possible security policies:

None dragover Current target element âÄî drop
Origin of data Origin of script Rules
Originates from online source Based on effectAllowed value Same as data Reset dropEffect based on effectAllowed value Do not sanitize HTML. Do not access any local files.
Current target element Different origin Sanitize content. Do not access any local files.
getData() returns data set in dragstart event Originates from local application Current drag operation Any Varies Do not sanitize HTML. Grant access to local files

8.2 General security policies

The implementation must not download referenced online resources, or expose their contents in the dragend FileList or Source node DataTransferItemList âÄî none Varies Setting and getting .

If the data on the clipboard is not from a local application, the implementation must not give access to any referenced local files. For example, if the data contains <img src="file://localhost/example.jpg"> but the data's origin is an online resource, the implementation must not add an entry for example.jpg to be transferred the clipboardData.items list.

Internet Explorer provides 3 methods for If the clipboardData data originates from a web site, and dataTransfer objects: the origin of the web site and the origin of the document associated with the script that created the event listener differs, the implementation may apply a sanitization algorithm before exposing HTML data.

setData() 8.3 Cross-origin HTML paste sanitization algorithm

This takes section is informative

Pasting HTML and other markup-based content copied from one or two parameters. The first site into another site might compromise the security of the former site, for example by giving the second site access to passwords, nonces and other sensitive data that might be embedded in the markup. Implementations must may therefore decide to use a cross-origin paste sanitization algorithm to attempt removing hidden data the user is likely not aware of pasting. One example of such an algorithm might be the following:

  1. Remove all of the following elements: SCRIPT, APPLET, OBJECT, INPUT with type set to either 'text' or 'URL' (case-insensitive). getData() This takes one parameter, that allows "hidden", EMBED and KEYGEN. For all mentioned elements, also remove any child nodes.
  2. Remove the value attribute from any INPUT tag with type set to "password"
  3. Remove any elements whose computed style's display property is 'none'
  4. Remove any elements whose computed style's visibility property is 'hidden'
  5. Remove all data- attributes from all elements
  6. Remove comment nodes

In order to protect the target site from script injection, the implementation may process the markup to request a specific type remove scripting languages. One example of data. clearData() This clears such an algorithm might be the data following:

  1. Remove all event handler attributes from all elements
  2. Remove all javascript: URLs from link HREF attributes, changing the object. Extensibility HREF to an empty string instead
  3. If the implementation supports embedding javascript: URLs or other forms of scripting inside CSS instructions, such scripts must be removed.

Implementations may let the user indicate that an app is trusted to not attack other apps and apply its own safety measures, thus bypass the above algorithm. Implementations may also implement additional restrictions, for example only support text/plain if the user does a cross-origin paste, or only support text/plain if content from an encrypted origin is pasted into a non-encrypted page.

9. Other security and privacy considerations

Don't extend this yet, we haven't even specified it. Thanks!!! Enabling authors to change what is copied by a user, or to make an automated copy of something that was never selected and allowing unrestricted calls to paste information can raise various security and privacy concerns.

Glossary Immediate User Selection Source Node The node which

An example scenario of a problem is where a user selects a link and copies it, but a different link is copied to the source clipboard. The effect of this can range from an unexpected result on pasting to an attempted "phishing" attack.

Privacy concerns

Untrusted scripts should not get uncontrolled access to a user's clipboard data. This specification assumes that granting access to the object current clipboard data when a user explicitly initiates a paste operation from the UA's trusted chrome is acceptable. However, implementors must proceed carefully, and as a minimum implement the precautions below:

Implementations may choose to further limit the functionality provided by the DataTransfer interface. For example, an implementation may allow the user to disable this API, or configure which web sites should be granted access to it.

Nuisance considerations

[RFC2119] The

Scripts may use the DataTransfer API to annoy and confuse users by altering the data on the system clipboard from copy and cut events. This specification does not attempt to prevent such nuisances, though implementations may add additional restrictions.

Implementations must handle scripts that try to place excessive amounts of data on the clipboard gracefully.

10. Mandatory data types

The implementation must recognise the native OS clipboard format description for how the following data types, to use english be able to specify normativity, as if it were a technical language. Available at http://rfc.net/rfc2119.html populate the DataTransferItemList Informative References [MDT] Microsoft's informatio with the correct description for paste events, and set the correct data format on the OS clipboard in response to copy and cut events.

What about audio and video types? BMP? RTF? RTF was requested due to embedded images possibility (but this spec allows access to local images referenced in HTML fragments by design..).

Some standard Windows formats we don't handle


This section is informative

The editors would like to acknowledge their intellectual debt to the documentation of Data Transfer functionalities from Microsoft [