On Mon, Sep 15, 2014 at 4:27 AM, Arthur Barstow <art.bars...@gmail.com> wrote:
> This is a heads-up Hallvord intends to publish a WD of "Clipboard API and
> events" and he is targeting a publication date of September 18. The ED
>
>   <http://dev.w3.org/2006/webapi/clipops/clipops.html>
>
> If anyone has any comments or concerns about this plan, please let us know
> before the 18th.
Please forgive my ignorance. But I don't see a requirement that data
egressed from the local machine to be protected with SSL/TLS.

Also, if the origin uses a secure scheme like HTTPS, then shouldn't
the script's also require the same? That is, shouldn't the spec avoid
fetching from https://www.example.com and then shipping clipboard data
off to http://www.ads.com?

Is these intended?

Reply via email to