Gating clipboard APIs on active event

4 views

Skip to first unread message

Evan Stade

unread,

Nov 8, 2023, 8:23:54 PM11/8/23

to layou...@chromium.org, stora...@chromium.org

Hello layout/editing team,

We'd like to explore relaxing the permissions checks on the async clipboard API (implementation) such that no permissions checks would be required if the API is invoked within certain event handlers. For example, when called inside a "paste" event handler, `navigator.clipboard.read()` would not trigger a permission prompt. This should only happen if the EditorCommandSource is kMenuOrBinding. Currently we're only at the stage of assessing technical feasibility and will save the full launch review process for later, so ignoring any security or privacy concerns for the moment...

Are there any precedents we should be aware of? i.e. an established way of accomplishing this.
strawman: we could hang a little bit of state on the DOMWindow (via a supplementable?) in ClipboardCommands::DispatchClipboardEvent, and later access it in Clipboard.

Better ideas welcome

Thanks for any assistance!

-- Evan Stade

TAMURA, Kent

unread,

Nov 9, 2023, 2:58:52 AM11/9/23

to Evan Stade, layou...@chromium.org, stora...@chromium.org

It's similar to API behavior switching on user activation. However I think we don't have a general mechanism to detect whether the code is in an event handling of a specific event.

So, adding a flag sounds reasonable.

Better ideas welcome
Thanks for any assistance!

-- Evan Stade

--
You received this message because you are subscribed to the Google Groups "layout-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to layout-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/layout-dev/CAO4XGS_r65K5ZyfesnFV2af%3DkX4WvRcs0RBFzFb4HgG1JMP_Qw%40mail.gmail.com.