search

w3c / clipboard-apis

Clipboard API and events
https://w3c.github.io/clipboard-apis/
Other
151 stars 36 forks source link

Clipboard Change Event API #227

Open ragoulik opened 2 months ago

ragoulik commented 2 months ago

We are looking to implement the Clipboard Change Event API and spec for clipboardchange event exists today, link However, important details are missing and there is a need for calling out details explicitly to ensure spec is not open to interpretation.

Logging this issue to introduce the Clipboard change event API and call out the issues that need to be addressed.

Description: The clipboardchange event fires whenever the system clipboard contents are changed. This allows web-apps like remote desktop clients to be notified and respond to changes to the system clipboard. It provides an efficient alternative to polling the clipboard for changes.

Explainer: Clipboard change event explainer

Issues that needs to be addressed:

  1. Callout clipboadData (DataTransfer object) would be null in clipboardChange event object
  2. Callout clipboard-read permission is required to listen to clipboardchange
  3. Callout transient user activation should be applied for focus requirement.
  4. Callout details for cross-origin iframes and fencedframes
smaug---- commented 1 month ago

Somehow I didn't remember clipboardchange at all, possibly because there are for example no wpts for it or anything. Especially "Actions that update the clipboard outside the user agent" part of it sounds like a privacy and security issue (even if data isn't explicitly exposed) and I couldn't immediately find anything in the spec hinting how to mitigate those issues. So we should at least consider removing that part of the spec.

Looks like the concerns are discussed also in https://github.com/w3c/clipboard-apis/issues/224

@annevk

johanneswilm commented 1 month ago

From TPAC 2024 minutes:

w3c/clipboard-apis#227 Rohan: Discuss some proposed changes to the clipboardchange event What is this event? Fired whenever the clipboard is changed, inside or outside the browser This allows the app to respond to these changes We already have a basic spec. We'd like to talk about the proposed changes.

Usage scenario: (1) In remote access, synchronizing the clipboard between the local and remote machine. To make a seamless experience (2) rich web editors. in a WP you might have multiple case format options and want to show those options to the user. Only allow the available options. DIsable those options which are not available.

Olli: Wondering if it could ever be implemented in Firefox. What about other browsers? Megan: Not sure if Webkit would do it either.

Olli: Only implemented in Chrome, and they have a Permission.

Etienne: This could be done by polling, right?

Olli: Not on FF because it requires a user interaction to use.

Sanket: What mitigations could be in place to make you feel better about it.

Etienne: Your concerns are mostly privacy-related?

Olli: Also, with the current Permissions model in FF (and Safari?) this would not be safe to implement.