> Wouldn't it be better for the user if a consistent policy were applied > across the board when handling their data?
Not if the average user can't understand the policy that is applied, and the way it applies to what they are trying to achieve. > Proper handling of the data shifts the onus to the webmaster and > developers, but webmasters and developers are in a better position to > manage these sorts of things. But the policy would cause problems for the end users, only indirectly for webmasters and developers. We've been there, done that with for example draconian markup parsing - even though you would expect parsing failures to "shift the onus to" webmasters, and that they would give fixing a broken site really high priority, it turned out that the draconian parsing first and foremostly caused end users problems, and that the market pressure forced browsers to relax their draconian tendencies and find ways to parse broken markup reliably instead. Lesson learned: draconian policies that cause problems for the end user AND require webmaster action to fix it, are NOT viable. Webmasters simply won't start serving their site over https to enable users to paste data into it. They will simply say "use a different browser", and any browser trying to implement the proposed policy would loose users who perceived the policy as a bug. > If I were a user and > visited a site with HTTPS, then that's what I would expect when moving my > data around. And I'm sure you can agree that very few users would share your expectation? Also, you make the fundamental assumption that *all* data on a HTTPS site is valuable and private. As a user, I'd like to be fully in control of what data I think is sensitive and what data I'll paste freely. For example, if I want to quote Techdirt.com articles on a personal blog right now, run a private Wordpress install on http, and use a browser implementing your suggested policy, I would have to retype every quote I want to use.. > And the clipboard standard is new, so its a great opportunity to avoid > the patching used to address gaps. The standard may be new, but the feature is not :) End users have been copying and pasting data for years and years, and are used to doing so. -Hallvord
