[FireMonkey] Suppress the paste prompt for clipboard read

[CrendKing]

I'm trying to use the readText() function of the Clipboard API. Minimal demo script could be:

window.addEventListener('copy', async () => {
    console.log(await navigator.clipboard.readText())
})

When user copies text, a "Paste" prompt will be popped up by Firefox. User must click the prompt to make the API work. According to "Can I use" note, extensions having clipboardRead permission can suppress the prompt. And currently it seems FireMonkey does not have that permission. I'm wondering if you could add that.

On the other hand, having that permission gives malicious scripts more power to steal user privacy, and I don't know the current threat model of the extension. So I'd leave the decision to you. If you ultimately decide to not do it, I still have workaround.

Thanks as always!

[erosman]

Add-ons are not allowed to add permissions that they don't need.

Add-on Policies: Development Practices

• Add-ons must only request those permissions that are necessary for them to function.

Furthermore, doesn't the window.addEventListener('copy', ...) run in the page context? If that is the case, the extension permission would not be relevant.

[CrendKing]

Add-ons are not allowed to add permissions that they don't need.

Does that mean unless you add something like GM_getClipboard() you can't "delegate" that permission downstream to the userscripts?

Furthermore, doesn't the window.addEventListener('copy', ...) run in the page context?

If that's the case, consider this closed then. Guess the Clipboard API is only useful for actual extensions.

[erosman]

Does that mean unless you add something like GM_getClipboard() you can't "delegate" that permission downstream to the userscripts?

Not only that, the extension must show a valid reason for wanting to read the clipboard as clipboard can contain private data.

[CrendKing]

I understand the privacy concern here. I'll stick to the Selection API as workaround. Thanks!