To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
Does Flash require a user gesture for this as well?
"It's safe because we nagged the user with a pop-up" doesn't convince
me. Nor does "We might as well because Flash."
What are users to think of a pop-up that says, "Do you want to let
this web site do something that seems obvious and basic?" I suspect
they will be annoyed, and not understand the issue (after all, copying
and pasting is obvious and basic, so it's surely safe...). I suspect
that the gesture will not actually protect people from malicious
clipboard-sniffers.
Obvious and basic though copy/cut/paste is, this feature reverses the
power dynamic in a way that no pop-up can make obvious.
The best user gesture to assert user intent *is the one that already
exists in the operating system*.
What actual real-world application problem does this solve? I've seen
the apps that have a "click this Flash button to copy the following
text", but that's not obviously better than just letting people use
the existing and well-understood copy/paste mechanisms. Especially
since the open web could read whatever I have in my clipboard —
passwords from my password manager!, the texts of private emails, et
c. — and especially since the mitigation is basically a fig leaf, this
feature seems to create more problems than it solves.
> email to blink-dev+unsubscribe@chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
Late to the party, but isn't the attack vector a website that'd copy "rm -rf /" or another malicious command to the user's clipboard, with hope that the user will later paste it to his shell?
Yeah, I'm aware of that shell copy attack, and as a result, do not copy/paste from untrusted websites. I guess the safety of that feature depends on the obviousness of the user gesture that's be required to enable copying into the clipboard.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.