Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-18 Thread Arthur Barstow
On 9/15/14 4:27 AM, Arthur Barstow wrote: If anyone has any comments or concerns about this plan, please let us know before the 18th. Although there were some technical comments in reply to this PSA (and that's great, please keep the comments coming!), as we previously agreed, those comments

Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-16 Thread Hallvord R. M. Steen
Wouldn't it be better for the user if a consistent policy were applied across the board when handling their data? Not if the average user can't understand the policy that is applied, and the way it applies to what they are trying to achieve. Proper handling of the data shifts the onus to

Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-16 Thread Jeffrey Walton
On Mon, Sep 15, 2014 at 9:06 PM, Daniel Cheng dch...@google.com wrote: Again, what are you trying to defend against? Why is it beneficial to try to block this? At minimum, its information leakage. If the data has value such that at least one leg requires HTTPS, then traversing some legs with

Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-16 Thread James M. Greene
Regardless of protocol, a site that contains sensitive data should be implemented such that it doesn't use this API nor include any unverified 3rd party libraries/extension that may. They should also only utilize a feature such as this in obvious ways (i.e. by having the user click on a copy

PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-15 Thread Arthur Barstow
This is a heads-up Hallvord intends to publish a WD of Clipboard API and events and he is targeting a publication date of September 18. The ED http://dev.w3.org/2006/webapi/clipops/clipops.html If anyone has any comments or concerns about this plan, please let us know before the 18th.

Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-15 Thread Jeffrey Walton
On Mon, Sep 15, 2014 at 4:27 AM, Arthur Barstow art.bars...@gmail.com wrote: This is a heads-up Hallvord intends to publish a WD of Clipboard API and events and he is targeting a publication date of September 18. The ED http://dev.w3.org/2006/webapi/clipops/clipops.html If anyone has any

Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-15 Thread Daniel Cheng
I'm not quite sure what you're asking for here. The clipboard is system global. Why should the spec disallow a user from copying from https://www.example.com and pasting in http://www.ads.com? Daniel On Mon, Sep 15, 2014 at 11:19 AM, Jeffrey Walton noloa...@gmail.com wrote: On Mon, Sep 15,

Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-15 Thread Hallvord R. M. Steen
http://dev.w3.org/2006/webapi/clipops/clipops.html Please forgive my ignorance. But I don't see a requirement that data egressed from the local machine to be protected with SSL/TLS. I can certainly add a note *encouraging* encryption, but it's not something we can require in a meaningful

Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-15 Thread Jeffrey Walton
On Mon, Sep 15, 2014 at 5:26 PM, Hallvord R. M. Steen hst...@mozilla.com wrote: http://dev.w3.org/2006/webapi/clipops/clipops.html Please forgive my ignorance. But I don't see a requirement that data egressed from the local machine to be protected with SSL/TLS. I can certainly add a note

Re: PSA: publishing new WD of Clipboard API and events on Sept 18

2014-09-15 Thread Daniel Cheng
Again, what are you trying to defend against? Why is it beneficial to try to block this? Daniel On Sep 15, 2014 3:18 PM, Jeffrey Walton noloa...@gmail.com wrote: On Mon, Sep 15, 2014 at 5:26 PM, Hallvord R. M. Steen hst...@mozilla.com wrote: