I am not sure if this is the right avenue to raise concern (again) over not requiring a prompt. It seems that "user action" here implies that a user intended on having their clipboard destroyed intentionally. (Like requesting a SHA from GitHub).
However, I created a very basic demo here: http://jsfiddle.net/azgugmjb/3/ that shows how easy (in Chrome 43) it is to abuse the "user action". I really hope this shines some light on the potential for real world abuse. The user action in my demo is simply highlighting text. The use of `.select()` prevents the user from actually using the system keybinding for copying and will inject into their clipboard something other than what they intended. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
