Re: [clipboard] Semi-Trusted Events Alternative

2014-09-17 Thread Hallvord R. M. Steen
Not quite :) Check the list of events - mousemove isn't included: http://www.w3.org/TR/html5/browsers.html#allowed-to-show-a-popup I was just going by where I¹ve seen pages pop up windows, and I¹ve seen pages that pop up windows just by moving the mouse across them. If you see that again,

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread Paul Libbrecht
On 16 sept. 2014, at 02:36, Brian Matthews (brmatthe) brmat...@cisco.com wrote: And again what about the naïve user that doesn’t even know what an extension is or read somewhere that they’re “bad”, or will even understand what happened when their wife/husband/parent/child finds

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread James M. Greene
We did some user research on this feature when we were building our most recent flagship product a few years back. Our users' reactions to a sane site enhancing their clipboard data were unanimously delighted rather than upset/offended/horrified. As Hallvord said, sites have been able to do this

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread Brian Matthews (brmatthe)
a page can wipe out my entire clipboard history if I move my mouse over it. Not quite :) Check the list of events - mousemove isn't included: http://www.w3.org/TR/html5/browsers.html#allowed-to-show-a-popup I was just going by where I¹ve seen pages pop up windows, and I¹ve seen pages that pop

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread Brian Matthews (brmatthe)
On 9/16/14, 5:22 AM, James M. Greene james.m.gre...@gmail.commailto:james.m.gre...@gmail.com wrote: We did some user research on this feature when we were building our most recent flagship product a few years back. Our users' reactions to a sane site enhancing their clipboard data were

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-15 Thread Jonas Sicking
On Sun, Sep 14, 2014 at 5:54 AM, Dale Harvey d...@arandomurl.com wrote: websites can already trivially build editors that use copy and paste within the site itself, the entire problem is that leads to confusing behaviour when the user copies and pastes outside the website, which is a huge use

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-15 Thread Hallvord R. M. Steen
[Responding to several messages about pasting data from same origin here] - Original Message - From: Jonas Sicking jo...@sicking.cc * paste: we allow reading clipboard contents if the paste event is not synthetic and not triggered from a document.execCommand('paste') call I think we

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-15 Thread Jonas Sicking
On Mon, Sep 15, 2014 at 1:42 PM, Hallvord R. M. Steen hst...@mozilla.com wrote: It's an interesting idea that partly fixes the main drawback with the current proposal: that to read clipboard contents, paste must be triggered from the browser's own UI, not the website's. The current proposal

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-15 Thread Ryosuke Niwa
On Sep 15, 2014, at 1:09 PM, Jonas Sicking jo...@sicking.cc wrote: On Sun, Sep 14, 2014 at 5:54 AM, Dale Harvey d...@arandomurl.com wrote: websites can already trivially build editors that use copy and paste within the site itself, the entire problem is that leads to confusing behaviour when

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-13 Thread Hallvord R. M. Steen
On Wed, Jul 23, 2014 at 12:17 AM, Ben Peters ben.pet...@microsoft.com wrote: [1] http://www.w3.org/TR/clipboard-apis/#semi-trusted-events Anne wrote: The default action of a synthetic paste event is to insert any data passed to the event constructor, if that data is suitable for the event

RE: [clipboard] Semi-Trusted Events Alternative

2014-07-30 Thread Ben Peters
-Original Message- From: annevankeste...@gmail.com [mailto:annevankeste...@gmail.com] On Wed, Jul 23, 2014 at 12:17 AM, Ben Peters ben.pet...@microsoft.com wrote: [1] http://www.w3.org/TR/clipboard-apis/#semi-trusted-events The default action of a synthetic paste event is to

RE: [clipboard] Semi-Trusted Events Alternative

2014-07-30 Thread Ben Peters
-Original Message- From: Perry Smith [mailto:pedz...@gmail.com] As a side note: I would change isTrusted to fromUserAgent to make it more honest. Folks are somewhat foolish to trust their browsers and all the plugins. e.g. people unwittingly trust flash. I would remove trust from

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-28 Thread Anne van Kesteren
On Wed, Jul 23, 2014 at 12:17 AM, Ben Peters ben.pet...@microsoft.com wrote: [1] http://www.w3.org/TR/clipboard-apis/#semi-trusted-events The default action of a synthetic paste event is to insert any data passed to the event constructor, if that data is suitable for the event target. If the

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-27 Thread James Greene
If this is really the case, it seems that separating Copy from Paste would be proper. The spec sort of distinguishes them (but this should probably be spelled out in detail): per the current spec text, copy/cut can be triggered from any trusted or semi-trusted event, while paste is only

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Hallvord R. M. Steen
(Replying to both Ben's and Ryosuke's mails) Ben wrote: Semi-trusted events in the Clipboard API spec [1] are a potential solution to an important problem- sites should be able to use the same infrastructure (clipboard events) with their own triggers (button with execCommand('paste') as

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Perry Smith
Sorry if this is a lame question but I never understood the dangers of Copy and Paste that the web is trying to avoid. Can someone explain that to me? I surfed around a bit but did not find any articles except pages talking about users pasting content they got from the web directly into a

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Jeffrey Walton
On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith pedz...@gmail.com wrote: Sorry if this is a lame question but I never understood the dangers of Copy and Paste that the web is trying to avoid. Can someone explain that to me? Its a point of data egress. You don't want sensitive information from

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Perry Smith
On Jul 26, 2014, at 8:26 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith pedz...@gmail.com wrote: Sorry if this is a lame question but I never understood the dangers of Copy and Paste that the web is trying to avoid. Can someone explain that to me?

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Jeffrey Walton
On Sat, Jul 26, 2014 at 9:34 AM, Perry Smith pedz...@gmail.com wrote: On Jul 26, 2014, at 8:26 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith pedz...@gmail.com wrote: Sorry if this is a lame question but I never understood the dangers of Copy and

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-26 Thread Perry Smith
On Jul 26, 2014, at 9:09 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jul 26, 2014 at 9:34 AM, Perry Smith pedz...@gmail.com wrote: On Jul 26, 2014, at 8:26 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith pedz...@gmail.com wrote: Sorry if

Re: [clipboard] Semi-Trusted Events Alternative

2014-07-25 Thread Ryosuke Niwa
On Jul 22, 2014, at 3:17 PM, Ben Peters ben.pet...@microsoft.com wrote: Semi-trusted events in the Clipboard API spec [1] are a potential solution to an important problem- sites should be able to use the same infrastructure (clipboard events) with their own triggers (button with

[clipboard] Semi-Trusted Events Alternative

2014-07-22 Thread Ben Peters
Semi-trusted events in the Clipboard API spec [1] are a potential solution to an important problem- sites should be able to use the same infrastructure (clipboard events) with their own triggers (button with execCommand('paste') as browser initiated clipboard operations (like user presses