Re: [clipboard] navigator.registerClipboardFormats( ... )

2015-07-24 Thread Daniel Cheng
On Wed, Jul 22, 2015 at 12:27 PM Hallvord Reiar Michaelsen Steen hst...@mozilla.com wrote: Hi, there's an interesting proposal here https://github.com/w3c/clipboard-apis/issues/9 for solving our what about clipboard data from various native applications? conundrum. The proposal is to let a

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-25 Thread Daniel Cheng
For reasons I've already mentioned, this isn't going to happen because there is no so-called dumping ground. No one is going to risk their paste turning into thousands of lines of gibberish because they tried to stuff binary data in text/plain. Daniel On Thu, Jun 25, 2015 at 8:23 AM Florian

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-25 Thread Daniel Cheng
No UA supports it today. No UA is likely to support it anytime soon. Daniel On Thu, Jun 25, 2015 at 10:38 AM Florian Bösch pya...@gmail.com wrote: Yet you restrict mime-types AND you support application/octet-stream? On Thu, Jun 25, 2015 at 7:34 PM, Daniel Cheng dch...@google.com wrote

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-25 Thread Daniel Cheng
-stream, then that just becomes the dumping ground. On Thu, Jun 25, 2015 at 7:39 PM, Daniel Cheng dch...@google.com wrote: No UA supports it today. No UA is likely to support it anytime soon. Daniel On Thu, Jun 25, 2015 at 10:38 AM Florian Bösch pya...@gmail.com wrote: Yet you restrict mime

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-25 Thread Daniel Cheng
the dumping ground. On Thu, Jun 25, 2015 at 7:39 PM, Daniel Cheng dch...@google.com wrote: No UA supports it today. No UA is likely to support it anytime soon. Daniel On Thu, Jun 25, 2015 at 10:38 AM Florian Bösch pya...@gmail.com wrote: Yet you restrict mime-types AND you support

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-11 Thread Daniel Cheng
On Thu, Jun 11, 2015 at 12:53 AM Florian Bösch pya...@gmail.com wrote: Wait, why are you talking about removing an ostensibly useful feature (declaring a mimetype in a paste for certain mime types) because the end result could land up in the users paste, where it could be pasted into

Clipboard API: remove dangerous formats from mandatory data types

2015-06-09 Thread Daniel Cheng
Currently, the Clipboard API [1] mandates support for a number of formats. Unfortunately, we do not believe it is possible to safely support writing a number of formats to the clipboard: - image/png - image/jpg, image/jpeg - image/gif If these types are supported, malicious web content can

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-09 Thread Daniel Cheng
from web content - native crosses a security boundary, which means these sort of issues need to be taken into consideration. Paul On 9/06/15 21:15, Daniel Cheng wrote: I'm not against considering more formats to be dangerous. =) In particular: JS: I'm not support what context we'd ever

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-09 Thread Daniel Cheng
image/png, and you'll find if you try to paste a very large bitmap (several dozen megapixels), the renderer will stop responding for a period of time. Daniel On Jun 9, 2015 2:19 PM, Daniel Cheng dch...@google.com wrote: I'm not against considering more formats to be dangerous

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-09 Thread Daniel Cheng
parse it for its value? That sounds doable (and probably even useful: e.g. put other picture flavours in case of a pictures). Paul I don't think I understand what this means. Daniel On 9/06/15 22:20, Daniel Cheng wrote: On Tue, Jun 9, 2015 at 12:27 PM Paul Libbrecht p...@hoplahup.net

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-09 Thread Daniel Cheng
basis. Daniel On Tue, Jun 9, 2015 at 12:01 PM Olli Pettay o...@pettay.fi wrote: On 06/09/2015 09:39 PM, Daniel Cheng wrote: Currently, the Clipboard API [1] mandates support for a number of formats. Unfortunately, we do not believe it is possible to safely support writing a number

Re: [clipboard] Dilemma: getData('text/html') and useful CF_HTML quirks

2015-04-23 Thread Daniel Cheng
On Thu, Apr 23, 2015 at 1:16 AM Hallvord Reiar Michaelsen Steen hst...@mozilla.com wrote: We're exploring text/html paste behaviours in Mozilla bug 586587 [1] and running into some tricky questions I'd like to discuss here. Basically, on Windows IE and other apps that write HTML to the

Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-15 Thread Daniel Cheng
I'm not quite sure what you're asking for here. The clipboard is system global. Why should the spec disallow a user from copying from https://www.example.com and pasting in http://www.ads.com? Daniel On Mon, Sep 15, 2014 at 11:19 AM, Jeffrey Walton noloa...@gmail.com wrote: On Mon, Sep 15,

Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-15 Thread Daniel Cheng
Again, what are you trying to defend against? Why is it beneficial to try to block this? Daniel On Sep 15, 2014 3:18 PM, Jeffrey Walton noloa...@gmail.com wrote: On Mon, Sep 15, 2014 at 5:26 PM, Hallvord R. M. Steen hst...@mozilla.com wrote:

Re: [clipboard] Add RTF to the mandatory data types list?

2014-08-20 Thread Daniel Cheng
Right now, the default action for copy/cut also populates text/plain on the clipboard if you're copying HTML (I don't think the spec explicitly mentions this, but I'm pretty sure this is how most browsers behave). Given the current discussion, it seems expected that the browser will automatically

Re: [clipboard] Add RTF to the mandatory data types list?

2014-08-19 Thread Daniel Cheng
On Tue, Aug 19, 2014 at 3:36 AM, Hallvord R. M. Steen hst...@mozilla.com wrote: Does anyone else have input for/against this? Conceptually, I guess RTF sort of covers the same use cases as HTML. That doesn't necessarily mean we should not add it. I don't have input as such, but I have a

Re: [clipboard events] seeking implementor feedback on using CID: URI scheme for pasting embedded binary data

2014-03-10 Thread Daniel Cheng
On Wed, Feb 12, 2014 at 1:25 AM, Hallvord R. M. Steen hst...@mozilla.com wrote: Hi Hallvord! Hi Ben! Thanks for responding to my request for feedback - especially since the IE team has done some interesting work in this area and is arguably ahead of the rest! :-) The IE11 API you

Re: MathML and Clipboard API and events

2013-04-15 Thread Daniel Cheng
When I suggested formats that implementations ought to support, I specifically mentioned image/svg+xml because it was mostly convertible to native types (Windows metafile on Windows, PDF on Mac). I don't think anyone's implemented this conversion, but it's technically possible. On the other hand,

Re: MathML and Clipboard API and events

2013-04-15 Thread Daniel Cheng
...@google.com [mailto:dch...@google.com] On Behalf Of Daniel Cheng Sent: Monday, April 15, 2013 1:56 PM To: Paul Topping Cc: Hallvord Reiar Michaelsen Steen; public-webapps@w3.org Subject: Re: MathML and Clipboard API and events When I suggested formats that implementations

Re: MathML and Clipboard API and events

2013-04-15 Thread Daniel Cheng
/MathML3/appendixb.html mentions both Mac and Windows formats for MathML. From: dch...@google.com [mailto:dch...@google.com] On Behalf Of Daniel Cheng Sent: Monday, April 15, 2013 3:49 PM To: Paul Topping Cc: Hallvord Reiar Michaelsen Steen; public-webapps@w3.org

Re: [Clipboard] checking if implementation allows reading/writing a given type to the OS clipboard

2012-02-19 Thread Daniel Cheng
On Sat, Feb 18, 2012 at 07:28, Hallvord R. M. Steen hallv...@opera.com wrote: On Fri, 17 Feb 2012 19:23:29 +0100, Daniel Cheng dch...@chromium.org wrote: Also, what does it mean to be supported? In new versions of Chrome, any kind of MIME type is supported in the sense that you can set data

Re: [Clipboard] checking if implementation allows reading/writing a given type to the OS clipboard

2012-02-17 Thread Daniel Cheng
Any MIME type support restrictions that apply to clipboard MIME types will almost certainly apply to DnD MIME types as well. Therefore, it wouldn't make sense to tie it to ClipboardEvent. Also, what does it mean to be supported? In new versions of Chrome, any kind of MIME type is supported in the

Re: innerHTML in DocumentFragment

2011-11-08 Thread Daniel Cheng
The clipboard events http://www.w3.org/TR/clipboard-apis/ spec has some text about HTML sanitization. It might be good to make sure any work in this area is shared. Daniel On Tue, Nov 8, 2011 at 17:10, Ojan Vafai o...@chromium.org wrote: Providing concise, easy and XSS safe ways to generate a

Re: innerHTML in DocumentFragment

2011-11-04 Thread Daniel Cheng
Instead of simply switching the insertion mode when you see an element that doesn't belong in in-body mode for context-less parsing, would it make sense to synthesize the appropriate context elements instead? Daniel On Fri, Nov 4, 2011 at 05:54, João Eiras jo...@opera.com wrote: On Fri, 04 Nov

Re: innerHTML in DocumentFragment

2011-11-04 Thread Daniel Cheng
context elements would make more sense. Daniel On Fri, Nov 4, 2011 at 09:45, Tab Atkins Jr. jackalm...@gmail.com wrote: On Fri, Nov 4, 2011 at 9:33 AM, Daniel Cheng dch...@chromium.org wrote: Instead of simply switching the insertion mode when you see an element that doesn't belong in in-body

Re: innerHTML in DocumentFragment

2011-11-04 Thread Daniel Cheng
On Fri, Nov 4, 2011 at 11:19, Tab Atkins Jr. jackalm...@gmail.com wrote: 2011/11/4 Daniel Cheng dch...@chromium.org: In that example, there was a clear context element though--I'd argue that Range.createContextualFragment should have been used instead. It seems like the general use

Re: innerHTML in DocumentFragment

2011-11-04 Thread Daniel Cheng
On Fri, Nov 4, 2011 at 12:15, Yehuda Katz wyc...@gmail.com wrote: Sent from my iPhone On Nov 4, 2011, at 11:55 AM, Daniel Cheng dch...@chromium.org wrote: On Fri, Nov 4, 2011 at 11:19, Tab Atkins Jr. jackalm...@gmail.com wrote: 2011/11/4 Daniel Cheng dch...@chromium.org: In that example

Re: Question about implementing DataTransfer.addElement

2011-10-10 Thread Daniel Cheng
On Mon, Oct 10, 2011 at 15:26, Ian Hickson i...@hixie.ch wrote: The parenthetical isn't the important part (that's why it's parenthetical). The important difference between setDragImage() and addElement() is that the latter automatically generates the image based on the current rendering of

Question about implementing DataTransfer.addElement

2011-10-07 Thread Daniel Cheng
What's the difference between addElement and setDragImage()? The spec says: The difference between setDragImage() and addElement() is that the latter automatically generates the image based on the current rendering of the elements added (potentially keeping it updated as the drag continues,

Re: Question about implementing DataTransfer.addElement

2011-10-07 Thread Daniel Cheng
of things like video or other embedded content. Daniel On Fri, Oct 7, 2011 at 15:01, James Robinson jam...@google.com wrote: On Fri, Oct 7, 2011 at 2:56 PM, Tab Atkins Jr. jackalm...@gmail.com wrote: On Fri, Oct 7, 2011 at 2:45 PM, Daniel Cheng dch...@chromium.org wrote: For technical reasons

Re: [Clipboard API] Copy to clipboard

2011-09-06 Thread Daniel Cheng
Why do you need to create an element? Just call execCommand('copy') and setData('text/html', 'blah') in your copy handler. Daniel On Mon, Sep 5, 2011 at 03:57, João Eiras jo...@opera.com wrote: On Mon, 05 Sep 2011 12:47:28 +0200, Hallvord R. M. Steen hallv...@opera.com wrote: On Mon, 05

Re: Filtering clipboard MIME types (was: Re: clipboard events)

2011-05-19 Thread Daniel Cheng
On Wed, May 18, 2011 at 17:41, João Eiras joao.ei...@gmail.com wrote: On , Paul Libbrecht p...@hoplahup.net wrote: Le 17 mai 2011 à 06:23, Hallvord R. M. Steen a écrit : To get a table started in the spec, could you give me a small list of (MIME) types one should mandate the UA to be

Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

2011-05-19 Thread Daniel Cheng
On Thu, May 19, 2011 at 04:01, João Eiras joao.ei...@gmail.com wrote: On Thu, May 19, 2011 at 7:43 AM, Paul Libbrecht p...@hoplahup.net wrote: Le 19 mai 2011 à 02:11, João Eiras a écrit : getData and setData must work outside clipboard events, like when clicking paste/copy/cut buttons

Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

2011-05-18 Thread Daniel Cheng
On Tue, May 17, 2011 at 22:07, Hallvord R. M. Steen hallv...@opera.com wrote: Should our implementation work harder to keep what we promise in clipboardData.items, or should we be content that such timing issues will be so rare that throwing is fine? After all, most applications manipulate the

Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

2011-05-18 Thread Daniel Cheng
On Wed, May 18, 2011 at 02:16, Hallvord R. M. Steen hallv...@opera.com wrote: What do you think about the current spec text? I've moved the section http://dev.w3.org/2006/webapi/clipops/clipops.html#processing-model-for-pasting-html-data to where we prepare the paste event, because integrating

Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

2011-05-18 Thread Daniel Cheng
On Wed, May 18, 2011 at 16:54, Hallvord R. M. Steen hallv...@opera.com wrote: Not 100% sure what you mean by concerns - do you mean for example if I drag a selection that embeds local images from my local word processing application to an online editor? I don't know how/if DnD handles this use

Re: Filtering clipboard MIME types (was: Re: clipboard events)

2011-05-17 Thread Daniel Cheng
On Mon, May 16, 2011 at 21:23, Hallvord R. M. Steen hallv...@opera.com wrote: On Mon, 31 Jan 2011 19:39:13 +0900, Daniel Cheng dch...@chromium.org wrote: I'd go one step further and say that there should be some agreement on what MIME types ought to be supported to try to insure somewhat

Re: request for custom clipboard types (Re: clipboard events)

2011-05-17 Thread Daniel Cheng
On Mon, May 16, 2011 at 22:57, Ryosuke Niwa rn...@webkit.org wrote: On Mon, May 16, 2011 at 9:34 PM, Hallvord R. M. Steen hallv...@opera.com wrote: On Mon, 31 Jan 2011 20:25:20 +0900, Paul Libbrecht p...@activemath.org wrote: A website maker for, say, a shop for furnitures that knows they

Re: Filtering clipboard MIME types (was: Re: clipboard events)

2011-05-17 Thread Daniel Cheng
On Tue, May 17, 2011 at 00:12, Paul Libbrecht p...@hoplahup.net wrote: Le 17 mai 2011 à 06:23, Hallvord R. M. Steen a écrit : To get a table started in the spec, could you give me a small list of (MIME) types one should mandate the UA to be aware of and be able to roundtrip to/from native

Re: risks of custom clipboard types

2011-05-17 Thread Daniel Cheng
On Tue, May 17, 2011 at 09:27, Paul Libbrecht p...@activemath.org wrote: On my mac, as far as I know, this can only happen if I copied the file explicitly (as a file, not as a content). Pasting in some web-page means I want to transmit the information of the clipboard to the page. paul

Re: risks of custom clipboard types

2011-05-17 Thread Daniel Cheng
On Tue, May 17, 2011 at 10:18, Paul Libbrecht p...@hoplahup.net wrote: Le 17 mai 2011 à 19:14, Daniel Cheng a écrit : I actually did implement reading arbitrary types from the clipboard/drop at one point on Linux just to see how it'd work. When I copied a file in Nautilus, the full path

Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

2011-05-17 Thread Daniel Cheng
On Tue, May 17, 2011 at 14:03, Hallvord R. M. Steen hallv...@opera.com wrote: On Tue, 17 May 2011 15:30:08 +0900, Daniel Cheng dch...@chromium.org wrote: I believe this problem is solvable without a spec change. OK. I'd like to put in some non-normative warning or note about this problem

Re: Filtering clipboard MIME types (was: Re: clipboard events)

2011-05-17 Thread Daniel Cheng
On Tue, May 17, 2011 at 16:26, Ryan Seddon seddon.r...@gmail.com wrote: What about image/webp? I'd suggest that if we want to support image formats in the spec, we should try to support the same set that Canvas::toDataURL() does. +1 for being able to copy/paste binary data either through

Re: Filtering clipboard MIME types (was: Re: clipboard events)

2011-05-17 Thread Daniel Cheng
On Tue, May 17, 2011 at 20:44, Hallvord R. M. Steen hallv...@opera.com wrote: Do native OS clipboards generally tend to have a data type saying this is some random binary data? That's more or less what I think application/octet-stream indicates on the web. If there isn't a common format to map

Re: clipboard events

2011-05-10 Thread Daniel Cheng
On Mon, May 9, 2011 at 23:31, Paul Libbrecht p...@hoplahup.net wrote: Le 10 mai 2011 à 00:18, João Eiras a écrit : I would just model the 'copy' (and 'cut') events exactly as a 'dragstart' event, ideally so much so that you can literally use the same function for both. (Canceling 'cut'

Re: clipboard events

2011-05-10 Thread Daniel Cheng
are now fairly css aware). On 5/10/11, Daniel Cheng dch...@chromium.org wrote: On Mon, May 9, 2011 at 23:31, Paul Libbrecht p...@hoplahup.net wrote: Le 10 mai 2011 à 00:18, João Eiras a écrit : I would just model the 'copy' (and 'cut') events exactly as a 'dragstart' event

Concerns regarding cross-origin copy/paste security

2011-05-04 Thread Daniel Cheng
There was a recent discussion involving directly exposing the HTML fragment in a paste to a page, since we're doing the parsing anyway for security reasons. I have some concerns regarding http://www.w3.org/TR/clipboard-apis/#cross-origin-copy-paste-of-source-code though. From my understanding, we

Re: CfC: new WD of Clipboard API and Events; deadline April 5

2011-04-11 Thread Daniel Cheng
On Sun, Apr 10, 2011 at 11:30, Charles McCathieNevile cha...@opera.com wrote: comments on a couple of timeless' comments. On Sun, 10 Apr 2011 18:20:35 +0200, timeless timel...@gmail.com wrote: Calling clearData() empties the system clipboard, or removes the specified type of data from the

Re: clipboard events

2011-01-31 Thread Daniel Cheng
. Couldn't a script loop inside the paste event to keep sniffing out live data? On Mon, Jan 31, 2011 at 01:59, Hallvord R. M. Steen hallv...@opera.com wrote: On Thu, 27 Jan 2011 05:12:58 +0900, Daniel Cheng dch...@chromium.org wrote: Platform capabilities vary. - Windows will be unhappy if you

Re: clipboard events

2011-01-31 Thread Daniel Cheng
, but it's already how drag-and-drop works in Chrome. On Mon, Jan 31, 2011 at 09:09, Ryosuke Niwa rn...@webkit.org wrote: On Mon, Jan 31, 2011 at 3:25 AM, Paul Libbrecht p...@activemath.org wrote: Le 31 janv. 2011 à 11:39, Daniel Cheng a écrit : The way I'm working on implementing it (for drag

Re: clipboard events

2011-01-26 Thread Daniel Cheng
On Tue, Jan 25, 2011 at 21:26, Hallvord R. M. Steen hallv...@opera.com wrote: (Responding to multiple E-mails. Plead guilty to Ianesque behaviour there. Last draft of spec is http://dev.w3.org/2006/webapi/clipops/clipops.html.) On Fri, 24 Dec 2010 07:21:35 +0900, Paul Libbrecht