Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread Hallvord R. M. Steen
>> Not quite :) Check the list of events - mousemove isn't included: >> http://www.w3.org/TR/html5/browsers.html#allowed-to-show-a-popup > I was just going by where I¹ve seen pages pop up windows, and I¹ve seen > pages that pop up windows just by moving the mouse across them. If you see that agai

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread Jeffrey Walton
On Tue, Sep 16, 2014 at 5:30 AM, Hallvord R. M. Steen wrote: >... if we get it right we've enabled some more functionality > for web apps without too much nuisance and abuse - > if we get it wrong, we probably have to revisit this and > lock it down with site whitelists and such. Keeping in mind >

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread Brian Matthews (brmatthe)
On 9/16/14, 5:22 AM, "James M. Greene" mailto:james.m.gre...@gmail.com>> wrote: > We did some user research on this feature when we were building our most > recent flagship product a few years back. Our users' reactions to a sane site > enhancing their clipboard data were unanimously delighted

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread Brian Matthews (brmatthe)
>> a page can wipe out my entire clipboard history if I move my mouse over >>it. > Not quite :) Check the list of events - mousemove isn't included: > http://www.w3.org/TR/html5/browsers.html#allowed-to-show-a-popup I was just going by where I¹ve seen pages pop up windows, and I¹ve seen pages tha

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread James M. Greene
We did some user research on this feature when we were building our most recent flagship product a few years back. Our users' reactions to a sane site enhancing their clipboard data were unanimously delighted rather than upset/offended/horrified. As Hallvord said, sites have been able to do this f

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread Hallvord R. M. Steen
> a page can wipe out my > entire clipboard history if I move my mouse over it. Not quite :) Check the list of events - mousemove isn't included: http://www.w3.org/TR/html5/browsers.html#allowed-to-show-a-popup I agree that all the concerns you listed are real. I recall an article I've seen abou

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-15 Thread Paul Libbrecht
On 16 sept. 2014, at 02:36, Brian Matthews (brmatthe) wrote: > And again what about the naïve user that doesn’t even know what an extension > is or read > somewhere that they’re “bad”, or will even understand what happened when > their wife/husband/parent/child finds http:// your choice> in the

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-15 Thread Ryosuke Niwa
On Sep 15, 2014, at 1:09 PM, Jonas Sicking wrote: > On Sun, Sep 14, 2014 at 5:54 AM, Dale Harvey wrote: >> websites can already trivially build editors that use copy and paste within >> the site itself, the entire problem is that leads to confusing behaviour >> when the user copies and pastes o

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-15 Thread Jonas Sicking
On Mon, Sep 15, 2014 at 1:42 PM, Hallvord R. M. Steen wrote: >> 2. Allow reading data from the clipboard at any time if the data there >> originated from the current origin. Thereby making the API as helpful >> as possible for the case when data is copied within a website. > > So, I'm not yet "sol

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-15 Thread Jonas Sicking
On Mon, Sep 15, 2014 at 1:42 PM, Hallvord R. M. Steen wrote: > It's an interesting idea that partly fixes the main drawback with the current > proposal: that to read clipboard contents, "paste" must be triggered from the > browser's own UI, not the website's. The current proposal makes it possib

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-15 Thread Hallvord R. M. Steen
[Responding to several messages about pasting data from same origin here] - Original Message - From: "Jonas Sicking" >> * paste: we allow reading clipboard contents if the paste event is not >> synthetic and not triggered from a document.execCommand('paste') call > I think we should als

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-15 Thread Jonas Sicking
On Sun, Sep 14, 2014 at 5:54 AM, Dale Harvey wrote: > websites can already trivially build editors that use copy and paste within > the site itself, the entire problem is that leads to confusing behaviour > when the user copies and pastes outside the website, which is a huge use > case of the clip

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-13 Thread Hallvord R. M. Steen
On Wed, Jul 23, 2014 at 12:17 AM, Ben Peters wrote: >> [1] http://www.w3.org/TR/clipboard-apis/#semi-trusted-events Anne wrote: > "The default action of a synthetic paste event is to insert any data > passed to the event constructor, if that data is suitable for the > event target. If the data ty

RE: [clipboard] Semi-Trusted Events Alternative

2014-07-30 Thread Ben Peters
> -Original Message- > From: Perry Smith [mailto:pedz...@gmail.com] > > As a side note: I would change "isTrusted" to "fromUserAgent" to make it > more honest. Folks are somewhat foolish to trust their browsers and all the > plugins. e.g. people unwittingly trust flash. I would remove "

RE: [clipboard] Semi-Trusted Events Alternative

2014-07-30 Thread Ben Peters
> -Original Message- > From: annevankeste...@gmail.com [mailto:annevankeste...@gmail.com] > > On Wed, Jul 23, 2014 at 12:17 AM, Ben Peters > wrote: > > [1] http://www.w3.org/TR/clipboard-apis/#semi-trusted-events > > "The default action of a synthetic paste event is to insert any data pa

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-28 Thread Anne van Kesteren
On Wed, Jul 23, 2014 at 12:17 AM, Ben Peters wrote: > [1] http://www.w3.org/TR/clipboard-apis/#semi-trusted-events "The default action of a synthetic paste event is to insert any data passed to the event constructor, if that data is suitable for the event target. If the data type is not suitable

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-27 Thread James Greene
> > If this is really the case, it seems that separating Copy from Paste would be proper. > > The spec sort of distinguishes them (but this should probably be spelled out in detail): per the current spec text, copy/cut can be triggered from any trusted or semi-trusted event, while paste is only all

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Hallvord R. M. Steen
>>> On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith wrote: Sorry if this is a lame question but I never understood the dangers of Copy and Paste that the web is trying to avoid. Can someone explain that to me? There's some text attempting to explain it in the spec http://dev.w3.org/2006/w

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Perry Smith
On Jul 26, 2014, at 9:09 AM, Jeffrey Walton wrote: > On Sat, Jul 26, 2014 at 9:34 AM, Perry Smith wrote: >> >> On Jul 26, 2014, at 8:26 AM, Jeffrey Walton wrote: >> >>> On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith wrote: Sorry if this is a lame question but I never understood the dange

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Jeffrey Walton
On Sat, Jul 26, 2014 at 9:34 AM, Perry Smith wrote: > > On Jul 26, 2014, at 8:26 AM, Jeffrey Walton wrote: > >> On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith wrote: >>> Sorry if this is a lame question but I never understood the dangers of Copy >>> and Paste that the web is trying to avoid. Can

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Perry Smith
On Jul 26, 2014, at 8:26 AM, Jeffrey Walton wrote: > On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith wrote: >> Sorry if this is a lame question but I never understood the dangers of Copy >> and Paste that the web is trying to avoid. Can someone explain that to me? >> > Its a point of data egres

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Jeffrey Walton
On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith wrote: > Sorry if this is a lame question but I never understood the dangers of Copy > and Paste that the web is trying to avoid. Can someone explain that to me? > Its a point of data egress. You don't want sensitive information from one program scrap

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Perry Smith
Sorry if this is a lame question but I never understood the dangers of Copy and Paste that the web is trying to avoid. Can someone explain that to me? I surfed around a bit but did not find any articles except pages talking about users pasting content they got from the web directly into a termi

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-25 Thread Hallvord R. M. Steen
(Replying to both Ben's and Ryosuke's mails) Ben wrote: > Semi-trusted events in the Clipboard API spec [1] are a potential solution > to an important problem- sites should be able to use the same infrastructure > (clipboard events) with their own triggers (button with execCommand('paste') > as b

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-25 Thread Ryosuke Niwa
On Jul 22, 2014, at 3:17 PM, Ben Peters wrote: > Semi-trusted events in the Clipboard API spec [1] are a potential solution to > an important problem- sites should be able to use the same infrastructure > (clipboard events) with their own triggers (button with execCommand(‘paste’) > as browser

[clipboard] Semi-Trusted Events Alternative

2014-07-22 Thread Ben Peters
Semi-trusted events in the Clipboard API spec [1] are a potential solution to an important problem- sites should be able to use the same infrastructure (clipboard events) with their own triggers (button with execCommand('paste') as browser initiated clipboard operations (like user presses contro