[Replying to Paul's mail but it's really a response to James - sorry, Paul..]
On 12 juil. 2013, at 21:57, James Greene wrote:
> It appears that the only way to trigger a `copy` event programmatically is to
> use `document.execCommand('copy')`, which most browsers prevent:
>
> http://www.w3.org/TR/clipboard-apis/#integration-with-other-scripts-and-events
Correct.
> What about enabling so enabling semi-restricted programmatic clipboard
> injection on a page
> if the user grants their express permission via a once-per-domain security
> prompt (similar
> to the Geolocation API)?
Well, with my spec editor's hat on: Nothing really prevents UAs from
implementing this already. They could hook up document.execCommand('Copy') to
whatever that UA's convention for a security permission prompt is. I'd like to
see this, actually.
That said, this functionality doesn't really have privacy implications (as long
as it is about programmatically *writing to*, not *reading from* the clipboard)
so it's mostly just about preventing nuisance, plus some slightly far-fetched
security threats (which aren't all that credible if they are not already
exploited with Flash's clipboard implementation). Our intentions as
implementors has sort of moved towards enabling all the cool stuff apps and
sites might do, and away from trying to control nuisance. It's quite possible
to argue that writing to the clipboard should be enabled by default.
-Hallvord
