On 5/6/15 10:49, Martin Thomson wrote:
On Wed, May 6, 2015 at 8:42 AM, Doug Turner<do...@mozilla.com> wrote:
This is important. We could mitigate by requiring https, only allowing the top
level document access these clipboard apis, and doorhangering the API.
Thoughts?
A doorhanger seems like overkill here. Making this conditional on an
"engagement gesture" seems about right. I don't believe that we
should be worry about surfing - and interacting with - strange sites
while there is something precious on the clipboard.
"Ask forgiveness, not permission" seems about the right balance here.
If we can find a way to revoke permission for a site that abuses the
privilege, that's better. (Adding this toabout:permissions with a
default on state seems about right, which leads me to think that we
need the same for the fullscreen thing.)
Going fullscreen also gives the user UI at the time of activation,
allowing them to manipulate permissions in an obvious way:
https://www.dropbox.com/s/c0sbknrlz4pbybk/Screenshot%202015-05-06%2011.33.42.png?dl=0
Perhaps an analogous yellow ribbon informing the user that the site has
copied data onto their clipboard, with buttons to allow them to prevent
it from happening in the future, would be a good balance (in particular
if denying permission restored the clipboard to its previous state) --
it informs the user and provides clear recourse without *requiring*
additional action.
--
Adam Roach
Principal Platform Engineer
a...@mozilla.com
+1 650 903 0800 x863
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
