Contact emails
anso...@microsoft.com, sni...@microsoft.com, pc...@microsoft.com
Explainer
https://docs.google.com/document/d/1rTEg2I-hMPXGiLrEMqKJz2Ycu6GRjlM3uvakOe84m8Q/edit?usp=sharing
Specification
None
Summary
This proposal aligns the HTML format read/write async API with the setData/getData DataTransfer APIs. Currently, when we read/write text/html MIME types using the async API, the sanitizer is invoked to strip out contents from the HTML markup due to security concerns, and styles are inlined in the HTML. This leads to loss of fidelity of HTML content when read by web authors or native apps.
Motivation
Using DataTransfer object’s setData and async clipboard write method, we are seeing interop differences in how the HTML content is sanitized and written to the clipboard. In Chromium, async clipboard write method clears the clipboard content first and then writes the payload which results in overwriting the previous HTML content that was inserted by authors using DataTransfer object’s setData API. It’d be beneficial for web authors if async clipboard and setData APIs provide the same HTML content during copy operation, so that round tripping is possible without any interop differences.
Moreover, creating a fragment and inlining the styles bloats the payload and strips out the custom styles inserted by sites like Excel Online that are used to preserve excel specific semantics.
Comments
Discussion between stakeholders: https://docs.google.com/document/d/1ha0pcpQsEgVGtPK8dd8N_0P1ynI7rXV7bR5ZFmOTD6Y/edit?usp=sharing
Firefox's support: https://github.com/w3c/clipboard-apis/issues/150#issuecomment-1031684598
Blink component
TAG review
TAG review status
As this is a Chromium specific change, we don’t believe this merits TAG review. But we’re happy to file a request if API_OWNERS feel this change should have one.
Risks
Interoperability and Compatibility
Gecko: Positive https://github.com/w3c/clipboard-apis/issues/150#issuecomment-1031684598
WebKit: No signal
Web developers: Positive
Debuggability
The async clipboard APIs have basic tooling support as described in https://docs.google.com/document/d/1eJn5QIX4JFGackDYmdLxWXEmTDkSGj_ZGz5XY4uCKbY/edit
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes
Is this feature fully tested by web-platform-tests?
No
Flag name
TBD
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1268679
Estimated milestones
No milestones specified.
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5716132676763648
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/MN2PR00MB046492DBF7ABFE976B948BE8FD899%40MN2PR00MB0464.namprd00.prod.outlook.com.
Just to clarify some of the points in the explainer. This proposal introduces an `unsanitized` option only in the navigator.clipboard.read() method. For write() we will always write unsanitized HTML content to the clipboard. This will align the behavior of async APIs with the DataTransfer APIs and also be backward compatible with the native apps on certain platforms like Windows that rely on this behavior. With the current sanitization in async API, copy pasting HTML content in Office native apps is broken because we remove custom styles from the HTML markup, inline styles into the fragment that increases the size of the copy payload etc when we write the HTML format to the system clipboard.
This proposal is a Chromium specific change because Firefox and Safari opposed to having an unsanitized option in the read() method, but they agreed to align the behavior of async APIs with DataTransfer APIs. We shipped the sanitization behavior first, so changing that would be a breaking change for us. Safari has the sanitization behavior for cross-origin copy-paste, but for same origin, they allow access to unsanitized HTML content. Safari’s async APIs behavior is aligned with the DataTransfer APIs so they don’t want to add an unsanitized option to read() method and cause backward compatibility issues. Firefox behaves the same as Chromium, but we didn’t see any support from them for adding an unsanitized option in read() method to allow web authors to access unsanitized HTML content.
Even though the usage of async read/write is low, we got feedback from security and other stakeholders that changing the behavior of the API would break the existing sites that rely on the sanitization behavior and also make the API “less secure”. Adding an option to switch between sanitized and unsanitized HTML content during read, and always writing unsanitized HTML content to the system clipboard would address both backward compatibility and security concerns.
Please let us know if you have any questions/concerns.
-Anupam
The unsanitized option being proposed here is only for the well-known HTML format. It could be extended to other well-known formats, but for now we are focusing on the HTML format. Web custom format is unsanitized by design, so this option doesn’t affect the existing web custom formats.
Thanks for the comments and clarifications on the feature.
Hi,
The change to introduce read/write unsanitized HTML content to/from the clipboard is still in review, not yet merged. Please see [Clipboard API] Write unsanitized HTML content to the clipboard (Ife196418) · Gerrit Code Review (googlesource.com) and [Clipboard API] Read unsanitized HTML content to the clipboard (Ifb148d27) · Gerrit Code Review (googlesource.com).
Thanks,
Ana
From: Michael Ford <michae...@rythan.com>
Sent: Friday, October 21, 2022 10:11 AM
To: blink-dev <blin...@chromium.org>
Cc: Ana Sollano Kim <Ana.S...@microsoft.com>; Bo Cupp <pc...@microsoft.com>; blin...@chromium.org <blin...@chromium.org>; Anupam Snigdha <sni...@microsoft.com>; tste...@google.com <to...@google.com>
Subject: Re: [EXTERNAL] Re: [blink-dev] Intent to prototype: Align async API read/write HTML format with DataTransfer API
Could I get clarification on the #clipboard-unsanitized-content flag? When I enable this the Async API writes unsanitized html which is great but when I call the following I don't see a new html and the original "text/html" is still sanitized. I am testing against 107 beta on 10/21/2022. I have read the docs but I am unclear of the final decision/implementation.
navigator.clipboard.read({
unsanitized: true
})
My goals is to have interop copy/paste with Excel desktop (2019)
Thanks