sni...@microsoft.com, sa...@microsoft.com, est...@chromium.org
https://w3c.github.io/clipboard-apis/#dom-clipboard-write
https://docs.google.com/document/d/1rTEg2I-hMPXGiLrEMqKJz2Ycu6GRjlM3uvakOe84m8Q/edit?usp=sharing
The Async clipboard writer API uses sanitizers to strip out content such as <head>, <meta>, <style>, <script> tags from the HTML and inline styles into the markup. In this proposal, writing to the clipboard for `text/html` MIME type using the navigator.clipboard.write() API will write a higher fidelity sanitized, well-formed HTML markup instead of a more strictly sanitized HTML fragment. It will also preserve the tags such as <meta>, <style>, <head> etc that were stripped out by the fragment parser.
Roundtripping of HTML content using the async clipboard API within the web doesn’t change as the async clipboard read() method still produces a sanitized HTML fragment.
Method used to write HTML data to the clipboard |
Does it affect the DataTransfer getData() method? |
Does it affect the navigator.clipboard.read() method? |
Does it affect the native apps that read HTML data from the clipboard? |
navigator.clipboard.write() |
Yes, if web authors write via navigator.clipboard.write() and read via DataTransfer getData(). It returns well-formed HTML markup. |
No. By-default read() returns a strictly sanitized fragment. |
Yes. It returns a higher fidelity sanitized markup instead of a strictly sanitized fragment. |
unsanitized html, async clipboard, clipboard, copy
None. There is no web API change. It only changes the sanitization requirement by writing a higher fidelity sanitized HTML instead of a more strictly sanitized HTML fragment to the system clipboard.
TAG reviewed the unsanitized read/write as part of a broader review of the Pickling API
https://github.com/w3ctag/design-reviews/issues/636#issuecomment-919324784
https://github.com/w3ctag/design-reviews/issues/636#issuecomment-869792053
Not applicable
Existing paste targets don't need to make updates to read HTML written via the async clipboard API, as they are already able to handle unsanitized HTML written via the DataTransfer API.
Gecko: Neutral (https://github.com/mozilla/standards-positions/issues/769)
WebKit: Negative (https://github.com/w3c/clipboard-apis/issues/150#issuecomment-974236367)
Web developers: Positive signals from Excel Online. Google Sheets also appear to be positive based on discussions in this bug, I2S and email conversations.
Other signals:
No API change.
The current Clipboard Async API write method as specified in https://w3c.github.io/clipboard-apis/#dom-clipboard-write isn't affected by this change, the behavior is validated in existing web tests.
Existing DataTransfer APIs already allow reading and writing unsanitized HTML content from/to the clipboard. The proposed change just makes sure that the HTML markup that gets written to the clipboard via the async clipboard API is a well-formed HTML document.
Here is a threat model that was presented to the Chrome security team: https://docs.google.com/document/d/1QLt50Q8UnlQksVltZ2PNkDZVdk9N58Pq7P0lzGTKh-U/edit?usp=sharing
Since the DataTransfer API, which is more widely used, already allows access to the unsanitized HTML content, we don’t think there are any additional security concerns with this proposal.
Native apps have their own HTML parser to process the HTML content before it is inserted into their document model. These apps already handle unsanitized HTML because the DataTransfer API, which is much more commonly used, does not sanitize HTML either. More details here: https://docs.google.com/document/d/1O2vtCS23nB_6aJy7_xcdaWKw7TtqYm0fERzEjtLyv5M/edit?usp=sharing.
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
No specific DevTools changes are required as it doesn’t introduce any new web API. Existing support for async clipboard APIs is sufficient.
Yes
Yes
https://wpt.fyi/results/clipboard-apis/async-unsanitized-standard-html-formats-write-read.tentative.https.html, https://wpt.fyi/results/clipboard-apis/async-unsanitized-standard-html-read-fail.tentative.https.html
ClipboardWellFormedHtmlSanitizationWrite
ClipboardWellFormedHtmlSanitizationWrite
False
https://bugs.chromium.org/p/chromium/issues/detail?id=1268679
https://github.com/w3c/editing/blob/gh-pages/docs/clipboard-unsanitized/unsanitized-html-demo.html
Shipping on desktop |
122 |
Shipping on Android |
122 |
Shipping on WebView |
122 |
None
https://chromestatus.com/feature/6236486997639168
This intent message was generated by Chrome Platform Status.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/SJ0PR00MB09912FF13F0DA983D298E0E4CF8FA%40SJ0PR00MB0991.namprd00.prod.outlook.com.
Fixing typos and formats.
From: Anupam Snigdha
Sent: Monday, December 11, 2023 2:42 PM
To: blin...@chromium.org <blin...@chromium.org>
Cc: Sanket Joshi (EDGE) <sa...@microsoft.com>; Evan Stade <est...@chromium.org>; Ana Sollano Kim <Ana.S...@microsoft.com>
Subject: Web-Facing Change PSA: Async Clipboard API: Write well-formed HTML document.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/SJ0PR00MB0991226DDC0F8A44190F3DAFCF8FA%40SJ0PR00MB0991.namprd00.prod.outlook.com.
You don't often get email from rby...@chromium.org.
Learn why this is important
|
Reading through this discussion, WebKit raised some privacy concerns and indicated that they would not be willing to ship the proposed changes.
Specifically, I see that the security team has been consulted for this feature, but I'm curious to see if this has been raised with privacy teams
You don't often get email from vmp...@google.com.
Learn why this is important
|