Clipboard actions BOF table at W3C TPAC

2008-10-22 Thread Paul Libbrecht
Hello webapp-aficionados, I've just proposed a clipboard-actions BOF table for today noon here at the W3C Technical Plenary in Mandelieu where I suppose some of you are. It would be lovely to get some of the webapp folks there. paul smime.p7s Description: S/MIME cryptographic signature

Re: Clipboard actions BOF table at W3C TPAC

2008-10-22 Thread Paul Libbrecht
thanks Ian, this section has matured a bit... that's good. What the copy-and-paste says is what the drag-and-drop says, just simpler, right? I still have a hard time while reading to understand if content- authors have a possibility to offer alternative data flavours to users. I seem to

Re: further with transfers (Re: Clipboard actions BOF table at W3C TPAC)

2008-10-23 Thread Paul Libbrecht
Ian, Can you please respond to my request how to implement other flavour names? Also, I would like to see test-cases and reports for the implementations you indicate here. paul Le 22-oct.-08 à 17:02, Ian Hickson a écrit : On Wed, 22 Oct 2008, Charles McCathieNevile wrote: Ian, how

Re: Copyright license for ElementTraversal Java interface

2009-01-12 Thread Paul Libbrecht
I would like to add the wish to add this file as a jar within a W3C maven repository, maven is a build system based on declarative dependencies marking. The objective of a W3C maven repository would be to offer, in a way transparent to people that just checkout souces, a linking to W3C

Re: [access-control] Rename spec?

2009-01-14 Thread Paul Libbrecht
Being external to it all, i.e. just reading the mailing-list with the spec-title mentioned just about everytime, it clearly seems like a good move to me: that specs starts to taste interesting whereas, before, it seemed to be unrelated to my tasks! ;-) paul Le 13-janv.-09 à 17:50,

Re: ISSUE-85 (clipops security practice): What are common sucrity practices for Clipboard APIs? [Clipboard Operations]

2009-03-10 Thread Paul Libbrecht
A few ideas: - one of the dangers is that flavours may be damageable... so the general practice would be that, unless we're in a de-sandboxed region (anything else than file://?) all flavours should be sanitized (e.g. no scripting, no relative reference, no embedding, except for pack-

Re: DnD vs CnP (was Copy/Paste Events)

2009-08-13 Thread Paul Libbrecht
Le 13-août-09 à 13:34, Ian Hickson a écrit : So I'm saying is that, regardless of whether you use voice, keyboard, touch or mouse... There are two distinct concepts at play here. I disagree. The drag and drop model allows the user to drag to the clipboard and paste from the clipboard. This

Re: DnD vs CnP (was Copy/Paste Events)

2009-08-22 Thread Paul Libbrecht
Le 14-août-09 à 10:00, timeless a écrit : Paul Libbrecht wrote: - drag and drop allows a precise visual target identification thus may be considered safer (and this is actually implemented so: you can faster drag-and-drop URLs than copy and paste them). this isn't true. depending on how

Re: DnD vs CnP (was Copy/Paste Events)

2009-08-22 Thread Paul Libbrecht
Le 22-août-09 à 07:51, Ian Hickson a écrit : copy-and-paste is aimed at long term storage: if you write to the clipboard you have to write all the flavours you think a recipient would ever make use of! The clipboard often survives computer-restarts. Drag-and-drop can also be for

Re: DnD vs CnP (was Copy/Paste Events)

2009-08-23 Thread Paul Libbrecht
timeless, So, erm, your conclusion should be we follow MicroSoft Windows copy- and-paste? I still find that the immediate-clipboard-data-delivery is a safer mechanism. It's funny to fall on such a dichotomy! Le 23-août-09 à 15:47, timeless a écrit :

Re: DnD vs CnP (was Copy/Paste Events)

2009-08-26 Thread Paul Libbrecht
While re-reading the spec: http://dev.w3.org/html5/spec/Overview.html#drag-and-drop-processing-model I seem to understand that supply data immediately is the alternative proposed currently by HTML5. Right? If yes, then it's clear that most server-implementors will not be able to

Re: clipboard events

2010-12-26 Thread Paul Libbrecht
This would be really nice. After a very quick read-through, here are three first reactions: - this seems to support the insertion in the clipboard's data of other types than what is currently commonly supported by browsers and the minimum quoted there; this is good and important. I think, for

Re: clipboard events

2010-12-26 Thread Paul Libbrecht
This would be really nice. After a very quick read-through, here are three first reactions: - this seems to support the insertion in the clipboard's data of other types than what is currently commonly supported by browsers and the minimum quoted there; this is good and important. I think, for

Re: clipboard events

2011-01-04 Thread Paul Libbrecht
Oh boy... indeed it's a crab's nest! I think it's rather a good idea to whitelist and blacklist and get it richer as the browser makers' awareness grows into a catalog of tags, attributes, and properties that need to be sanitized out or may be kept. I'd rather suggest to start smallishly so

Re: clipboard events

2011-01-31 Thread Paul Libbrecht
Hello, sorry to be slow. Le 31 janv. 2011 à 11:39, Daniel Cheng a écrit : Platform capabilities vary. - Windows will be unhappy if you use up all the custom clipboard formats (~65535 or so). There is no way to release formats once registered. - Mac uses UTIs which are strings but not MIME

Re: clipboard events

2011-01-31 Thread Paul Libbrecht
Le 31 janv. 2011 à 18:09, Ryosuke Niwa a écrit : A website maker for, say, a shop for furnitures that knows they can go into my home plan maker through the clipboard will want to be able to produce and export a clipboard flavor that is unknown to both browser implementors and spec makers

Re: clipboard events

2011-01-31 Thread Paul Libbrecht
I am not sure I am entitled to any influence, except my registration to the mailing-list but I would insist to not limit in this way. The clipboard or drag-and-drop transfers are the way to go from the web into something else. They could maybe also be used to go from one site to another but

Re: Overview of W3C technologies for mobile Web applications

2011-02-25 Thread Paul Libbrecht
Dominique, I definitely agree this is a useful deliverable; I wish more EU projects be as careful in their survey as that! I was looking to see if MathML was mentioned (I think it should as a future technology but it has almost zero coverage on the mobile world yet). But I realize that HTML

Re: CfC: new WD of Clipboard API and Events; deadline April 5

2011-03-29 Thread Paul Libbrecht
Is the process currently requesting us to publish a draft so that comments can be gathered from the public? paul Le 29 mars 2011 à 13:37, Arthur Barstow a écrit : This is a Call for Consensus to publish a new Working Draft of Hallvord's Clipboard API and Events spec:

Re: CfC: new WD of Clipboard API and Events; deadline April 5

2011-03-29 Thread Paul Libbrecht
Well, so here are my comments: --- I would reformulate: MathML often needs to be transformed to be copied as plain text, for example to make sure to the power of is shown with the caret ^ sign. Also, the XML source could be placed in the clipboard with

Re: paste events and HTML support - interest in exposing a DOM tree?

2011-05-02 Thread Paul Libbrecht
Hallvord, Le 2 mai 2011 à 09:00, Hallvord R. M. Steen a écrit : I am not at all against your proposal but I tend to see two reasons against it: - I expect mostly the server to be providing the HTML, the javascript code does probably not need to process it further (they trust each other!)

Re: paste events and HTML support - interest in exposing a DOM tree?

2011-05-03 Thread Paul Libbrecht
Le 3 mai 2011 à 12:20, Hallvord R. M. Steen a écrit : Regarding simplifying the pasted html to remove stuff that could be malicious, consider a rogue app that injects a script in the clipboard and expects the user to hit paste on his bank site. Well, I've never seen a bank site with a

copy events and content from server

2011-05-03 Thread Paul Libbrecht
Hello list, As noted in the thread about security started by Halvord: In many of the scenarios I have working for, the content to be put on the clipboard would come from a luxury knowledge structure on the server, one that has access to some semantic source and can infer useful

Re: copy events and content from server

2011-05-03 Thread Paul Libbrecht
Ryosuke, Le 3 mai 2011 à 21:15, Ryosuke Niwa a écrit : Would it be thinkable to *lock* the copy event until either a timeout occurs or an unlock is called? No. We definitely don't want to lock a local system resource for some random web service that may potentially fail to release the

Re: clipboard events

2011-05-10 Thread Paul Libbrecht
Le 10 mai 2011 à 00:18, João Eiras a écrit : I would just model the 'copy' (and 'cut') events exactly as a 'dragstart' event, ideally so much so that you can literally use the same function for both. (Canceling 'cut' would prevent the default deletion of the selection, canceling 'copy' has

Re: clipboard events

2011-05-10 Thread Paul Libbrecht
Le 10 mai 2011 à 09:13, Daniel Cheng a écrit : I would expect scripts to want one of two things when they're preventing the default action: 1. They want to set their own data in the clipboard instead of what the browser would normally provide by default--for example, a document editor

Re: clipboard events

2011-05-10 Thread Paul Libbrecht
Can you expand on what kind of protection this was? Isn't it simply the same as a copy static content, copy text, or really copy kind of command? paul Le 10 mai 2011 à 09:41, timeless a écrit : Note that we only recently added protection for users against 'what you see is not what you copy'

Re: copy events and content from server

2011-05-17 Thread Paul Libbrecht
Hallvord, you seem to have not included João Eiras' answer: Le 5 mai 2011 à 04:34, João Eiras a écrit : A synchronous XHR solves this use case and there are no magic locks. Although I haven't explicitly tried to implement it and clearly feel it a synchronous XHR can block the UI in an ugly

Re: risks of custom clipboard types

2011-05-17 Thread Paul Libbrecht
Hallvord, The risks is latent but it should be possible for a user to accept that a given site produces a given type. I do not think it is thinkable to avoid platform-dependent code when going to a platform specific OS. Everyone knows platform specific code is harder to maintain and should be

Re: Filtering clipboard MIME types (was: Re: clipboard events)

2011-05-17 Thread Paul Libbrecht
Le 17 mai 2011 à 06:23, Hallvord R. M. Steen a écrit : To get a table started in the spec, could you give me a small list of (MIME) types one should mandate the UA to be aware of and be able to roundtrip to/from native clipboard types? Just off the top of your head? The typical Web MIME

Re: risks of custom clipboard types

2011-05-17 Thread Paul Libbrecht
Le 17 mai 2011 à 09:21, Ryosuke Niwa a écrit : On Tue, May 17, 2011 at 12:11 AM, Paul Libbrecht p...@activemath.org wrote: Ryosuke, why would sensitive information be readable or writable? Because it has been available through clipboard. e.g. a popular productivity application puts

Re: risks of custom clipboard types

2011-05-17 Thread Paul Libbrecht
Le 17 mai 2011 à 18:20, Ryosuke Niwa a écrit : On Tue, May 17, 2011 at 12:26 AM, Paul Libbrecht p...@activemath.org wrote: I agree it's a risk but since it's only when the user pastes intentionally, I don't think it is a risk to be excluded. I don't think it's okay. I didn't even save

Re: risks of custom clipboard types

2011-05-17 Thread Paul Libbrecht
Le 17 mai 2011 à 18:39, Boris Zbarsky a écrit : On my mac, as far as I know, this can only happen if I copied the the file explicitly (as a file, not as a content). Pasting in some web-page means I want to transmit the information of the clipboard to the page. You want to transmit the file

Re: Filtering clipboard MIME types (was: Re: clipboard events)

2011-05-17 Thread Paul Libbrecht
Le 17 mai 2011 à 19:06, Daniel Cheng a écrit : I would like to add all of the 3 MathML flavors: - application/mathml-presentation+xml - application/mathml-content+xml - application/mathml+xml paul I don't think we need all 3. Why not just application/mathml+xml? Daniel, you do mean

Re: risks of custom clipboard types

2011-05-17 Thread Paul Libbrecht
Le 17 mai 2011 à 19:14, Daniel Cheng a écrit : I actually did implement reading arbitrary types from the clipboard/drop at one point on Linux just to see how it'd work. When I copied a file in Nautilus, the full path to the file was available in several different flavors from the

Re: risks of custom clipboard types

2011-05-17 Thread Paul Libbrecht
Le 17 mai 2011 à 19:31, Daniel Cheng a écrit : On Tue, May 17, 2011 at 10:18, Paul Libbrecht p...@hoplahup.net wrote: Le 17 mai 2011 à 19:14, Daniel Cheng a écrit : I actually did implement reading arbitrary types from the clipboard/drop at one point on Linux just to see how it'd work

Re: risks of custom clipboard types

2011-05-17 Thread Paul Libbrecht
Le 17 mai 2011 à 20:05, Ryosuke Niwa a écrit : So file-flavour is something special that should be always filtered?? (in DnD or in CnP), which should be warned against in the spec? Ryosuke, can you confirm this is the only risk you were talking about? No. There are some applications

Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

2011-05-19 Thread Paul Libbrecht
Le 19 mai 2011 à 02:11, João Eiras a écrit : getData and setData must work outside clipboard events, like when clicking paste/copy/cut buttons on a toolbar. The clipboardData object needs to be exposed on the window, like in IE. I fully disagree here. This is exactly what has made the CnP

Copy prevention... up-and-running

2011-09-05 Thread Paul Libbrecht
While the discussion about preventing abuse in clipboards is happening, allow me to suggest something I recently found: In the page below is a fairly simple script that succeeds in preventing the user to select with the mouse, hence copy, in Firefox 6, Safari 5.1, and a few others.

Re: CfC: new WD of Clipboard API and Events; deadline April 5

2011-09-05 Thread Paul Libbrecht
Le 5 sept. 2011 à 16:50, Glenn Maynard a écrit : On Mon, Sep 5, 2011 at 6:13 AM, Hallvord R. M. Steen hallv...@opera.com wrote: Pretty much everything in this spec can be abused to cause nuisance. Personally, I'm less than thrilled to see an API giving sites more ability to mangle what I

Re: riks of the new clipboard operations API (was: Re: CfC: new WD of Clipboard API and Events; deadline April 5)

2011-09-05 Thread Paul Libbrecht
Le 6 sept. 2011 à 00:51, Glenn Maynard a écrit : On Mon, Sep 5, 2011 at 11:41 AM, Paul Libbrecht p...@hoplahup.net wrote: Slowly, users start to see the disadvantages of a dirty web-page (e.g. flash advertisement 100% cpu) and I am confident they will not that some pages mingle

Re: CfC: new WD of Clipboard API and Events; deadline April 5

2011-09-07 Thread Paul Libbrecht
Le 7 sept. 2011 à 09:43, Hallvord R. M. Steen a écrit : What helps average users is IMO mostly a UI question ;-) I'd predict that this will be handled much like popup windows. They became a nuisance for users, so UAs evolved to develop popup blocking, various types of UI for opt-in

Re: Obsolescence notices on old specifications, again

2012-01-23 Thread Paul Libbrecht
Tab, Le 23 janv. 2012 à 22:03, Tab Atkins Jr. a écrit : We have repeated evidence that pretending these specs aren't obsolete and useless hurts web implementors and authors. We're targeting the web with our specs, so that's extremely relevant for us, more so than non-web industries dealing

Re: Installing web apps

2012-02-01 Thread Paul Libbrecht
Le 1 févr. 2012 à 20:03, Ian Hickson a écrit : - a calendar client There are lots of calendar clients written on the Web today. - an IMAP client There are lots of mail clients written on the Web today. These are not web-apps that can work offline longer than 2 minutes. Android's

Re: Installing web apps

2012-02-01 Thread Paul Libbrecht
Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit : Android goes somewhat in this direction with its app-security model... With all due respect, the app-security model on Android is a joke. Everyone just clicks through the permissions grant without even reading what's being requested,

Re: [clipboard] Event definition

2012-02-09 Thread Paul Libbrecht
Ms2ger, the same old issue with referencing a released spec or not... that was heavily discussed! Or am I wrong? Is there any reason that makes that sentence obsolete in DOM 2? I would have no issue that the clipboard document references both but it would become unreleasable if it had to rely

Re: safeguarding a live getData() against looping scripts? (was: Re: clipboard events)

2012-02-10 Thread Paul Libbrecht
This discussion seems to raise the issue of what happens to URLs to images (or other embedded objects) that are unresolved but become resolved when pasted. E.g. file:///Users/anton/Library/AddressBook (if that ever made sense) Should these also be sanitized away so that they do not, suddenly

Re: [Clipboard] checking if implementation allows reading/writing a given type to the OS clipboard

2012-02-17 Thread Paul Libbrecht
Hello Hallvord, I think it is a very good idea if such a method would be available from the point of view of a web-app author. I have one concern: media-types are likely to be insufficient and flavour names, whatever they are on the host platform should be allowed I think. Almost arbitrary

Re: [Clipboard] checking if implementation allows reading/writing a given type to the OS clipboard

2012-02-17 Thread Paul Libbrecht
Le 17 févr. 2012 à 19:23, Daniel Cheng a écrit : Any MIME type support restrictions that apply to clipboard MIME types will almost certainly apply to DnD MIME types as well. Therefore, it wouldn't make sense to tie it to ClipboardEvent. Not sure to understand what lie means. Maybe you mean

Re: [Clipboard] checking if implementation allows reading/writing a given type to the OS clipboard

2012-02-17 Thread Paul Libbrecht
Le 17 févr. 2012 à 19:25, Ryosuke Niwa a écrit : On Fri, Feb 17, 2012 at 10:10 AM, Paul Libbrecht p...@hoplahup.net wrote: I have one concern: media-types are likely to be insufficient and flavour names, whatever they are on the host platform should be allowed I think. Almost arbitrary

Re: (aside) MIME type (was Re: Re: [Clipboard] checking if implementation allows reading/writing a given type to the OS clipboard)

2012-02-18 Thread Paul Libbrecht
WHEN I registered a media-type on the ietf list I have been quite much hit as the first comment one says media-type nowadays. And indeed MIME is meant for email originally. So I guess politically media-type is a requirement. Should I dig for a formal requirement? paul Le 18 févr. 2012 à

Re: (aside) MIME type

2012-02-18 Thread Paul Libbrecht
WHEN I registered a media-type on the ietf list I have been quite much hit as the first comment one says media-type sorry for the capitalization nowadays. And indeed MIME is meant for email originally. So I guess politically media-type is a requirement. Should I dig for a formal

Re: [Clipboard] checking if implementation allows reading/writing a given type to the OS clipboard

2012-02-18 Thread Paul Libbrecht
of data in this format is dropped on my window, I'll know what to do about it, and if you drag this data *from* my window to another application on the system, I can format and label it in a way the targe app will understand. Paul Libbrecht wrote: I have one concern: media-types

Re: [Clipboard] checking if implementation allows reading/writing a given type to the OS clipboard

2012-02-18 Thread Paul Libbrecht
Le 18 févr. 2012 à 16:25, Hallvord R. M. Steen a écrit : Does this include an ability for a page to say that a media-type is supported? (does it not appear natural?) Hm.. you mean a page should be able to say Hello web browser, I just lve processing application/pdf data from the

Re: [Clipboard] Processing model feedback (and other)

2012-02-19 Thread Paul Libbrecht
Le 19 févr. 2012 à 10:46, Anne van Kesteren a écrit : On Sat, 18 Feb 2012 16:45:07 +0100, Hallvord R. M. Steen hallv...@opera.com wrote: Firing an event surely should be specified elaborately elsewhere. I added another reference to DOM2-Events (though fire probably is used without being

Re: informal survey - on spec philosophy

2012-04-10 Thread Paul Libbrecht
Le 10 avr. 2012 à 22:25, Karl Dubost a écrit : A recent example from Canvas specification. http://html5.org/tools/web-apps-tracker?from=7030to=7031 p class=noteThis specification does not define the precise + algorithm to use when scaling an image when the code +

Re: Call for Editor: URL spec

2012-11-06 Thread Paul Libbrecht
Ian, Could be slightly more formal? You are speaking of hypocrisy but this seems like a matter of politeness, right? Or are you actually claiming that there's a license breach? That there are different mechanisms at WHATWG and W3C is not really new. Paul Le 6 nov. 2012 à 02:42, Ian Hickson a

Re: Clipboard API: Stripping script element

2013-03-29 Thread Paul Libbrecht
Nice catch for this example you provide below. The solution to this issue would be to simply empty the script element instead of stripping it away. Right? In your original mail, however, you write: It would be great to mention what kind of manipulations user agents are allowed to do to make

Re: MathML and Clipboard API and events

2013-04-12 Thread Paul Libbrecht
Hey Paul, nice to hear you raise this! I fully agree it should be possible for some JS code such as MathJax to copy MathML to clipboard. The reason it is not listed as a mandatory data type, I believe, is that I, at least, have been unable to demonstrate the zero risk of doing so. I believe I

Re: Fetch: HTTP authentication and CORS

2013-05-08 Thread Paul Libbrecht
On 7 mai 2013, at 02:23, HU, BIN wrote: Because nonce is needed to generate the appropriate digest, the 401 challenge is required. So the lesson here is: any developer that intends to use authenticated XHR should always start with an XHR that is a simple ping-like GET, then do the real

Re: Clipboard API: Default content in copy/cut handlers

2013-07-12 Thread Paul Libbrecht
Daniel, I personally think it is not at all a good idea to populate the clipboard when starting the drag! It makes sense when a copy operation is triggered, as the application may be vanishing. Most desktop DnDs I have observed only operate the transformation when the drop has occurred (hence

Re: Clipboard API: Enable `copy` event simulation with user's express permission (domain-wide)?

2013-07-24 Thread Paul Libbrecht
James, I personally think it would be a really good idea. But I am not a browser implementor. Overall, I agree with you that writing to the clipboard, only within a click or key event processing maybe?, is likely to be a non-concern on privacy. I would love to hear others' feedback. Is

Re: [clipboard] Clipboard API Mandatory Data Types

2014-06-25 Thread Paul Libbrecht
While I do not know the Safari-Desktop-implementation right now, I know that Apple's UTI has a URL type. See here: https://developer.apple.com/library/ios/documentation/miscellaneous/Reference/UTIRef/Articles/System-DeclaredUniformTypeIdentifiers.html It would be interesting to see a

Re: [clipboard] Semi-Trusted Events Alternative

2014-09-16 Thread Paul Libbrecht
On 16 sept. 2014, at 02:36, Brian Matthews (brmatthe) brmat...@cisco.com wrote: And again what about the naïve user that doesn’t even know what an extension is or read somewhere that they’re “bad”, or will even understand what happened when their wife/husband/parent/child finds

Re: [clipboard API] platform integration stuff - in spec or out of scope?

2015-01-31 Thread Paul Libbrecht
On 31 janv. 2015, at 14:48, Hallvord Reiar Michaelsen Steen hst...@mozilla.com wrote: If yes, do any of the other mandatory types have gotchas like Windows HTML Format - on any platform? The mandatory types currently are: text/plain text/uri-list text/csv text/css text/html

Re: [clipboard] Add RTF to the mandatory data types list?

2015-04-20 Thread Paul Libbrecht
On 20/04/15 22:11, Hallvord Reiar Michaelsen Steen wrote: Would it be a possible compromise to let a script describe data as RTF, and then put said data on the clipboard with the OS's correct RTF data type labelling? And vice versa, if the script asks for RTF give it any RTF contents from

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-09 Thread Paul Libbrecht
Daniel, this does not make sense to me. All these image parsers exploits can be triggered by an img tag, or? Similarly for XML using an XHR or some particular XML formats (RSS, SVG, XHTML, ...) in markup. There's absolutely no difference in the mistrust we should have between content brought by

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-09 Thread Paul Libbrecht
On 9/06/15 23:08, Daniel Cheng wrote: So the solution is to require that browsers that make known media-types in the clipboard actually parse it for its value? That sounds doable (and probably even useful: e.g. put other picture flavours in case of a pictures). I don't think

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-09 Thread Paul Libbrecht
other picture flavours in case of a pictures). Paul On 9/06/15 22:20, Daniel Cheng wrote: On Tue, Jun 9, 2015 at 12:27 PM Paul Libbrecht p...@hoplahup.net mailto:p...@hoplahup.net wrote: Daniel, this does not make sense to me. All these image parsers exploits can be triggered

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-09 Thread Paul Libbrecht
, but even valid data that some decoders fail to handle gracefully. On 9 June 2015 at 14:13, Paul Libbrecht p...@hoplahup.net mailto:p...@hoplahup.net wrote: On 9/06/15 23:08, Daniel Cheng wrote: So the solution is to require that browsers that make known media-types

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-06-13 Thread Paul Libbrecht
Hello all, I think a good solution would then be that UAs do a transcoding, or? (so the spec should recommend doing it) I understand that the right-menu copy image function has the same problem except if that one does transcoding (and it probably does, to offer more native flavours). That would

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-08-17 Thread Paul Libbrecht
Hallvord, do you not want to split the writable types list in safe and non-safe ones and let browsers how they deal with unsafe ones? Here's an idea: html, xml, and picture formats should be in the unsafe ones. I guess json too (but both XML and JSON are too generic to my taste). Similarly, I'd

Re: App-to-App interaction APIs - one more time, with feeling

2015-10-18 Thread Paul Libbrecht
Daniel, as far as I can read the post, copy-and-paste-interoperability would be a "sub-task" of this. It's not a very small task though. In my world, E.g., there was a person who inventend a "math" protocol handler. For him it meant that formulæ be read out loud (because his mission is making the

Re: App-to-App interaction APIs - one more time, with feeling

2015-10-18 Thread Paul Libbrecht
Anders Rundgren wrote: > Unless you work for a browser vendor or is generally "recognized" for > some > specialty, nothing seems to be of enough interest to even get briefly > evaluated. Maybe the right thing is assemble "user representative" groups and be enough heard on such places as this

Re: Clipboard API: remove dangerous formats from mandatory data types

2015-08-29 Thread Paul Libbrecht
Hello Hallvord, Hallvord Reiar Michaelsen Steen mailto:hst...@mozilla.com 27 août 2015 18:32 On Mon, Aug 17, 2015 at 2:54 PM, Paul Libbrecht p...@hoplahup.net mailto:p...@hoplahup.net wrote: do you not want to split the writable types list in safe and non-safe ones and let browsers

Re: Clipboard API: remove dangerous formats from mandatory data types

2016-02-08 Thread Paul Libbrecht
(Finally found some time to resume this old discussion - if you've all forgotten the details by now the thread started here: https://lists.w3.org/Archives/Public/public-webapps/2015AprJun/0819.html ) cool! >> But copying a fragment of HTML in the wild without reformulating it will >> lead to