Sorry for the late response (I was out on vacation). Writing to the clipboard is quite distinct from reading from the clipboard, isn't it? https://gifted-stingy-ketchup.glitch.me/ actually surfaces a permission prompt when executing `navigator.clipboard.read()`, which is more in line with my expectations.
Yes, it is, but this feature really affects writing to the clipboard as the promises to the Blobs are provided by the web authors. Thus, browser is not (at least for now) in control of the timing of when the promises are resolved. For reading, we are in complete control of the promises. In Chromium we read all the supported clipboard formats during the read() call and after user grants permission to access the clipboard, and resolve the promises with the Blob data. UAs could choose to not do this and may read the payload and resolve the Blob data when it's actually queried via getType<https://www.w3.org/TR/clipboard-apis/#dom-clipboarditem-gettype> method. The question in my mind relates to the content of that promise's resolution. Is the resulting blob created at the point at which the `read()` method is called (as a "copy of the system clipboard data")? Or is the resolution "active" in some sense, returning a blob representing whatever happens to be in the clipboard at the time the promise is resolved? At least in chromium, we read the payload from the clipboard corresponding to the formats during the read() method call (asynchronously so we don't block the UI thread): https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/modules/clipboard/clipboard_promise.cc;drc=8cc4402c875055fe7989c15f7dfdd04a46c753fc;l=256 But like I said, write() affects how web authors process the ClipboardItem object which in turn affects when the content is written to the clipboard. I don't think there is any issue with the read() API, and this proposal doesn't affect how Chromium reads formats from the clipboard and when the promises to the Blobs are resolved. does a click give you access to the clipboard _now_, or at some arbitrary point in the future? Yes, click gives you access to the clipboard, but promises to the blobs don't have to be resolved within the event handler. e.g. Here instead of resolving the promises, you could resolve it later, but the call to the write() method needs to happen inside the click event handler. <button id="copy-html">Copy text and markup</button> <div>Then paste in the box below:</div> <div contenteditable spellcheck="false" style="width: 200px; height: 100px; overflow: hidden; border: 1px solid black;"></div> <script> document.getElementById("copy-html").addEventListener("click", event => { navigator.clipboard.write([ new ClipboardItem({ "text/plain": Promise.resolve("This text was copied using `Clipboard.prototype.write`."), "text/html": Promise.resolve("<p style='color: red; font-style: oblique;'>This text was copied using <code>Clipboard.prototype.write</code>.</p>"), }), ]); }); </script> From: Mike West <mk...@chromium.org> Sent: Thursday, October 28, 2021 11:42 PM To: Anupam Snigdha <sni...@microsoft.com> Cc: bratel...@gmail.com; dome...@chromium.org; yoavwe...@chromium.org; blink-dev@chromium.org; ann...@annevk.nl; m...@chromium.org; Bo Cupp <pc...@microsoft.com> Subject: Re: [EXTERNAL] Re: [blink-dev] Intent to Implement and Ship: Add support for Promise to Blobs in clipboard item On Fri, Oct 29, 2021 at 3:56 AM Anupam Snigdha <sni...@microsoft.com<mailto:sni...@microsoft.com>> wrote: Let me try to clarify few things. Currently there is no user activation requirements in async clipboard read/write in Chromium browsers. e.g. https://clumsy-garnet-meeting.glitch.me/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fclumsy-garnet-meeting.glitch.me%2F&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544755155%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=DgqHOc6Wrs6TyJEtE4W8Uv%2BgI%2FEM6w%2Bqoxaxsox%2BPJg%3D&reserved=0>. Just load this page and refresh it without clicking anywhere on the page, you will see the content will get written to the clipboard without any gesture. Writing to the clipboard is quite distinct from reading from the clipboard, isn't it? https://gifted-stingy-ketchup.glitch.me/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgifted-stingy-ketchup.glitch.me%2F&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544765144%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=cl9S0fELEdTglAmFf7qUsXc1K7FWmxJ%2B76GpRqCsTZg%3D&reserved=0> actually surfaces a permission prompt when executing `navigator.clipboard.read()`, which is more in line with my expectations. Safari, due to security concerns, implemented a gesture requirement to access clipboard via async clipboard APIs. The read()/write() method can only be called inside a trusted user gesture event handler, but the promises to Blobs can be resolved later which gives the web authors the flexibility to not block the thread to populate the payload. The question in my mind relates to the content of that promise's resolution. Is the resulting blob created at the point at which the `read()` method is called (as a "copy of the system clipboard data")? Or is the resolution "active" in some sense, returning a blob representing whatever happens to be in the clipboard at the time the promise is resolved? In Pickling API<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fediting%2Fblob%2Fgh-pages%2Fdocs%2Fclipboard-pickling%2Fexplainer.md&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544785141%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=0RDCeUoYRVGbRJ3Mw%2FD343ivgIPz3gr8k2F84bBm19I%3D&reserved=0>, which adds capability to the async clipboard API to read/write unsanitized content, initially we added a transient user activation requirement because the API lets web authors read/write unsanitized content using a custom clipboard format. Both Chrome security team(see "User Gesture Requirement" section in https://github.com/w3c/editing/issues/315<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fediting%2Fissues%2F315&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544795148%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=DNMz4wi843miLCGc2R8AaTnn54FCE6i%2FdJm5vReJJ9A%3D&reserved=0>) and TAG(https://github.com/w3ctag/design-reviews/issues/636#issuecomment-857829725<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3ctag%2Fdesign-reviews%2Fissues%2F636%23issuecomment-857829725&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544805139%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=wui5OdPIHuxn%2F3bGJidy1RL%2BOs76rICxWHCqLlGLXv8%3D&reserved=0>) raised the concern that transient user activation is NOT sufficient to give clipboard access to web authors. That sounds right to me, and points again to the question above: does a click give you access to the clipboard _now_, or at some arbitrary point in the future? This change is required to not only support the Pickling API's user gesture event handling requirements, but also improve the security by adding an even stronger signal of the user intent to copy. We also talked about this in the Editing WG call with Apple and they are opposed to transient user activation and I believe Firefox raised concerns as well(https://github.com/w3c/clipboard-apis/issues/52#issuecomment-599443986<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fclipboard-apis%2Fissues%2F52%23issuecomment-599443986&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544815122%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=G6K86SgLri%2BjTTLW802xFUgNy%2BTezhi%2FKS1NJxY7wGk%3D&reserved=0>). Re: clipboard spec: I believe the spec needs to be updated so I've started this PR: https://github.com/w3c/clipboard-apis/pull/158<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fclipboard-apis%2Fpull%2F158&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544825117%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=NMTRa78mbiG%2Bsrsyax4eqp76XzSPTq1yAv2LBLKc2zk%3D&reserved=0>. Please let me know if you have any other quesions/concerns. -Anupam ________________________________ From: Mike West <mk...@chromium.org<mailto:mk...@chromium.org>> Sent: Thursday, October 28, 2021 12:17 PM To: Anupam Snigdha <sni...@microsoft.com<mailto:sni...@microsoft.com>> Cc: bratel...@gmail.com<mailto:bratel...@gmail.com> <bratel...@gmail.com<mailto:bratel...@gmail.com>>; dome...@chromium.org<mailto:dome...@chromium.org> <dome...@chromium.org<mailto:dome...@chromium.org>>; yoavwe...@chromium.org<mailto:yoavwe...@chromium.org> <yoavwe...@chromium.org<mailto:yoavwe...@chromium.org>>; blink-dev@chromium.org<mailto:blink-dev@chromium.org> <blink-dev@chromium.org<mailto:blink-dev@chromium.org>>; ann...@annevk.nl<mailto:ann...@annevk.nl> <ann...@annevk.nl<mailto:ann...@annevk.nl>>; m...@chromium.org<mailto:m...@chromium.org> <m...@chromium.org<mailto:m...@chromium.org>>; Bo Cupp <pc...@microsoft.com<mailto:pc...@microsoft.com>> Subject: Re: [EXTERNAL] Re: [blink-dev] Intent to Implement and Ship: Add support for Promise to Blobs in clipboard item We discussed this in the API owners' meeting, and there's some confusion both about what's specified, and what Chromium's implementation does. I read https://github.com/w3c/clipboard-apis/issues/161<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fclipboard-apis%2Fissues%2F161&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544835111%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=EE2gRg4BDjvnOJJG%2Ba7qE2qqkNweGaDZxMEzndGgRDw%3D&reserved=0> as suggesting that the `ClipboardItem` has a promise which, when resolved, provides access to the current contents of the clipboard (and a response suggests that there's a 1 second limit on that). Step 2.3 of https://www.w3.org/TR/clipboard-apis/#dom-clipboard-read<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2Fclipboard-apis%2F%23dom-clipboard-read&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544845110%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=2yOeLmCZZ5MVbKbev0Ic4HGmkpFzIRpOLFRNGMfsRE0%3D&reserved=0> suggests that read operations return "a copy of the system clipboard data", which seems inconsistent. Can y'all help me understand what our model is here? And what the model ought to be, if it diverges from what we've currently implemented? -mike On Wed, Oct 27, 2021 at 8:07 PM 'Anupam Snigdha' via blink-dev <blink-dev@chromium.org<mailto:blink-dev@chromium.org>> wrote: Thanks Daniel for raising this concern. I have opened an issue to discuss with the Editing WG: https://github.com/w3c/clipboard-apis/issues/161<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fclipboard-apis%2Fissues%2F161&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544855101%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=VlwL8SqJN4Xco7KLtleuJoxNOxTATe3wi6ZmTDyTJog%3D&reserved=0>. In the current implementation, I think verifying whether the Document is active or not after the promises have been resolved should mitigate some of the concerns. From: Daniel Bratell <bratel...@gmail.com<mailto:bratel...@gmail.com>> Sent: Thursday, October 21, 2021 12:48 PM To: Domenic Denicola <dome...@chromium.org<mailto:dome...@chromium.org>>; Yoav Weiss <yoavwe...@chromium.org<mailto:yoavwe...@chromium.org>> Cc: blink-dev <blink-dev@chromium.org<mailto:blink-dev@chromium.org>>; Anupam Snigdha <sni...@microsoft.com<mailto:sni...@microsoft.com>>; ann...@annevk.nl<mailto:ann...@annevk.nl> <ann...@annevk.nl<mailto:ann...@annevk.nl>>; Marijn Kruisselbrink <m...@chromium.org<mailto:m...@chromium.org>>; Bo Cupp <pc...@microsoft.com<mailto:pc...@microsoft.com>> Subject: Re: [EXTERNAL] Re: [blink-dev] Intent to Implement and Ship: Add support for Promise to Blobs in clipboard item Inspired by the recent talk about user interaction, I feel like there is one thing I want to understand. So with a Promise you move the execution to a later time. Is it possible here for a malicious page to delay an action to much, much later and then do that clipboard operation on data that was not available at the time of the clipboard operation the user initiated? If so, could that have security implications? Could there even be more than one ongoing clipboard operation at a time? /Daniel On 2021-10-21 17:20, Domenic Denicola wrote: On Thu, Oct 21, 2021 at 5:21 AM Yoav Weiss <yoavwe...@chromium.org<mailto:yoavwe...@chromium.org>> wrote: LGTM1 to ship conditional that y'all continue to work on PR #158<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fclipboard-apis%2Fpull%2F158&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544865097%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ZgLrU8LIMZdAyTkef%2FWkpKuGYCo%2F0oRYbMCcd1cirDA%3D&reserved=0> specifically, and clarifying the spec's processing model in general. On Thursday, October 21, 2021 at 2:04:53 AM UTC+2 snianu wrote: Gentle ping as the branch cutoff date for 97 is pretty close. While I agree that the issues related to clipboard API spec need to be addressed, I don't think this feature needs to be blocked on that. It's not a breaking change i.e. sites can continue to use Blobs if they want to(although I don't think any developer would want to have different codepaths for Apple and Chromium browsers) FWIW, I got curious RE why that *should* work, and did some digging. It seems like the bindings methods that accept a `Promise<T>` input value call `NativeValueTraits<IDLPromise><https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsource.chromium.org%2Fchromium%2Fchromium%2Fsrc%2F%2B%2Fmain%3Athird_party%2Fblink%2Frenderer%2Fbindings%2Fcore%2Fv8%2Fnative_value_traits_impl.h%3Bl%3D775%3Fq%3DArgumentValue%26ss%3Dchromium%252Fchromium%252Fsrc&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544885083%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=432J4kXSWIPEKfI7GXkbq7kgf4ATG1NqaC98YFXvNPg%3D&reserved=0>` on that value, which casts<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsource.chromium.org%2Fchromium%2Fchromium%2Fsrc%2F%2B%2Fmain%3Athird_party%2Fblink%2Frenderer%2Fbindings%2Fcore%2Fv8%2Fscript_promise.cc%3Bdrc%3Dac35167cc1cf9c40778c1e1d8855fd90a90f0fbf%3Bl%3D291&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544895073%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=h0t0ZJc8bA1uNks%2Bjm3doJlpVxQ2%2Fuwqythuw002HWI%3D&reserved=0> the value foo into a `Promise.resolve(foo)`, if it wasn't a Promise already. The same seems to work in WebKit as well. Do you know if this bindings behavior is specified? It is: https://webidl.spec.whatwg.org/#es-promise<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwebidl.spec.whatwg.org%2F%23es-promise&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544905089%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=0YBEG7%2Bp967hOPE%2F1TdGQcgAlws6zBD2TRFDsWa3AWc%3D&reserved=0> Also, can you add tests for both input cases as part of your CLs for this? , and Apple has already shipped this feature. Please let me know in case of any concerns. -Anupam From: Anupam Snigdha Sent: Thursday, October 7, 2021 9:53 AM To: 'Yoav Weiss' <yoavwe...@chromium.org<mailto:yoavwe...@chromium.org>> Cc: ann...@annevk.nl<mailto:ann...@annevk.nl>; blink-dev@chromium.org<mailto:blink-dev@chromium.org>; m...@chromium.org<mailto:m...@chromium.org>; Bo Cupp <pc...@microsoft.com<mailto:pc...@microsoft.com>> Subject: RE: [EXTERNAL] Re: [blink-dev] Intent to Implement and Ship: Add support for Promise to Blobs in clipboard item Yep, I'll address the feedback from Anne and mbrodesser (from Mozilla). Thanks for all your help Anne and Yoav! From: Yoav Weiss <yoavwe...@chromium.org<mailto:yoavwe...@chromium.org>> Sent: Thursday, October 7, 2021 12:03 AM To: Anupam Snigdha <sni...@microsoft.com<mailto:sni...@microsoft.com>> Cc: ann...@annevk.nl<mailto:ann...@annevk.nl>; blink-dev@chromium.org<mailto:blink-dev@chromium.org>; m...@chromium.org<mailto:m...@chromium.org>; Bo Cupp <pc...@microsoft.com<mailto:pc...@microsoft.com>> Subject: Re: [EXTERNAL] Re: [blink-dev] Intent to Implement and Ship: Add support for Promise to Blobs in clipboard item On Tue, Oct 5, 2021 at 4:02 AM Anupam Snigdha <sni...@microsoft.com<mailto:sni...@microsoft.com>> wrote: Here is a WIP PR to address the spec issue: https://github.com/w3c/clipboard-apis/pull/158<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fclipboard-apis%2Fpull%2F158&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544925056%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Tz8tj0p5MHgPLT5PWQSEtnWRn2xC3X4NwYaI%2Bnv4x%2F0%3D&reserved=0>. Can you address feedback from Anne on the PR? From: Anupam Snigdha Sent: Monday, October 4, 2021 10:45 AM To: 'Yoav Weiss' <yoavwe...@chromium.org<mailto:yoavwe...@chromium.org>>; Anne van Kesteren <ann...@annevk.nl<mailto:ann...@annevk.nl>> Cc: blink-dev <blink-dev@chromium.org<mailto:blink-dev@chromium.org>>; Marijn Kruisselbrink <m...@chromium.org<mailto:m...@chromium.org>>; Bo Cupp <pc...@microsoft.com<mailto:pc...@microsoft.com>> Subject: RE: [EXTERNAL] Re: [blink-dev] Intent to Implement and Ship: Add support for Promise to Blobs in clipboard item For #1: I don't think we would want to diverge from the spec. There is a reason why we have promises to Blobs and not just Blobs in the ClipboardItem because, well, not having promises defeats the purpose of having an async API. Also waiting for the Blob data synchronously without triggering the clipboard write operation leads to problems like this<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.chromium.org%2Fp%2Fchromium%2Fissues%2Fdetail%3Fid%3D1014310%23c15&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544935057%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=etyJqjv9uqLyyfkhgP7kcFKOdisja7oaHCX01KCMos0%3D&reserved=0> and performance issues in sites like Excel Online where the copy payload is in MBs. That makes sense. For #2: This might sound more of a rant so apologies in advance. I agree with Anne that the spec is not really clear at all on the specifics of the async clipboard API and some of the terminologies used in the algorithms. However, making changes to the spec or even clarifying the language after an API has been shipped, is really hard, as we need to get consensus from all browser vendors. I tried to clarify what "sanitization" means just for the HTML format<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fclipboard-apis%2Fissues%2F150%23issuecomment-909405090&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544945051%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=W6PIdaS0xrnrRhbIZV3xxg9vOyrm7%2Fo2lb01MIMywVk%3D&reserved=0> and Apple opposed to this change<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fclipboard-apis%2Fissues%2F150%23issuecomment-922211803&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544965035%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=w9xtPqAk1lBZzj9mGJjJ%2FmnPhbeQfj6Y2L2wSvsxgiU%3D&reserved=0>. That's unfortunate :/ Perhaps I can add a non-normative note which would at least give some clarity on the sanitization process, but that would probably require UA specific non normative notes which defeats the purpose of standardization. I also tried to make changes to address Mozilla's concern about mandatory data types supported by async clipboard APIs: https://github.com/w3c/clipboard-apis/pull/155<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fclipboard-apis%2Fpull%2F155&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544975031%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zpSvfhPWYv6ZZMR%2FxLlTTxtEDETb3eIbaGwKUGKmyMA%3D&reserved=0>, but this PR has been sitting for almost a month now and I'm not able to make any progress. FWIW, it seemed to have made some progress initially and then stalled. Pinging it may make sense. In order to make progress on spec changes, we decided to have a discussion with the Editing WG members and submit changes to the spec if no one objects to it. Currently the Editing WG has representatives from Apple and MS who regularly attend the monthly status meetings. So my question is, if we get an approval from the WG, then does that meet the minimum bar to make spec changes? That's for the Editing WG to decide. Looking at its charter<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2F2021%2F06%2Fweb-editing-wg-charter.html&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865544995027%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bUly6J4R6Ftysrm46L%2BmW%2FOCtgO0i1k8vhtKon%2FKIDw%3D&reserved=0>, it seems the chairs may be able to help move things along (e.g. by bringing decisions to a vote, if no consensus is reached). Anyways, I'm working on updating the spec to at least define the Clipboard interface IDL, but since Apple and Chromium browsers have already shipped this API, I don't think it's possible to make any significant changes to the APIs without breaking at least one of the browsers. This change addresses the discrepancy between the ClipboardItem IDL as defined in the spec(also implemented by Apple) and what is implemented in Chromium. This is not a breaking change so I think the risk is minimal here. From: Yoav Weiss <yoavwe...@chromium.org<mailto:yoavwe...@chromium.org>> Sent: Friday, October 1, 2021 4:15 AM To: Anne van Kesteren <ann...@annevk.nl<mailto:ann...@annevk.nl>> Cc: Anupam Snigdha <sni...@microsoft.com<mailto:sni...@microsoft.com>>; blink-dev <blink-dev@chromium.org<mailto:blink-dev@chromium.org>>; Marijn Kruisselbrink <m...@chromium.org<mailto:m...@chromium.org>>; Bo Cupp <pc...@microsoft.com<mailto:pc...@microsoft.com>> Subject: Re: [EXTERNAL] Re: [blink-dev] Intent to Implement and Ship: Add support for Promise to Blobs in clipboard item On Fri, Oct 1, 2021 at 12:46 PM Anne van Kesteren <ann...@annevk.nl<mailto:ann...@annevk.nl>> wrote: On Fri, Oct 1, 2021 at 12:35 PM Yoav Weiss <yoavwe...@chromium.org<mailto:yoavwe...@chromium.org>> wrote: > Thanks Anne and Thomas for the cross-browser context. > > Anupam - looking at the issue Anne posted, it seems Firefox explicitly did > not implement this. > I think it'd be interesting to get their opinions as to why, and whether we > should align with the current WebKit behavior or the current Chromium one. > > Anne - do y'all want to chime in here, or would a standards position issue be > the best venue? There is an existing issue: https://github.com/mozilla/standards-positions/issues/89<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmozilla%2Fstandards-positions%2Fissues%2F89&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865545005013%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=U%2BjBLba6WGm1%2F0muibVd0WfZkUWvJIpjUSwJfjovipI%3D&reserved=0>. The problem we are having in evaluating all this is that there isn't really any specification to speak of, as I tried to point out. One can take guesses as to what the expected behavior is likely to be, but that is very far from ideal and normally not even close to acceptable, right? That's fair. >From my perspective, the ideal outcome here would be: 1) Getting agreement on this specific issue that's currently causing developer pain, and moving forward in that direction. 2) Properly specifying the correct behavior for the rest of the broader API, in ways that would enable interoperable implementations (and reduce developer pain in the future). It seems like (2) requires Someone(tm) to take on the work of gathering the different unspecified behaviors, opening an issue to discuss each one, reaching agreement on them and pushing to align existing implementations. Maybe we can decouple (1) and (2), but I'd like to see we have a concrete plan for (2) before we do that. Anupam - who would be best positioned to take on that work? -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org<mailto:blink-dev+unsubscr...@chromium.org>. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/7a237c30-9d53-4181-9c5d-1954d2bf6a0cn%40chromium.org<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fchromium.org%2Fd%2Fmsgid%2Fblink-dev%2F7a237c30-9d53-4181-9c5d-1954d2bf6a0cn%2540chromium.org%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865545025007%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=N5XUHZ0JHZf%2BvAv%2FjafLcgnC272NRR1eRo%2F9YwKOxV0%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org<mailto:blink-dev+unsubscr...@chromium.org>. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra-e-Y3%3DSn_LQ7qCLKahrg8WaOfoi4LR1TGMN4%3D5-Dn7kQ%40mail.gmail.com<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fchromium.org%2Fd%2Fmsgid%2Fblink-dev%2FCAM0wra-e-Y3%253DSn_LQ7qCLKahrg8WaOfoi4LR1TGMN4%253D5-Dn7kQ%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865545034995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=m%2Fe6UwXvLekHYE8MpnY3i93dWSwevlUcsUb6n3JeYMQ%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org<mailto:blink-dev+unsubscr...@chromium.org>. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/SN6PR00MB03977ABE1FD1C66C98131F60CF859%40SN6PR00MB0397.namprd00.prod.outlook.com<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fchromium.org%2Fd%2Fmsgid%2Fblink-dev%2FSN6PR00MB03977ABE1FD1C66C98131F60CF859%2540SN6PR00MB0397.namprd00.prod.outlook.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04%7C01%7Csnianu%40microsoft.com%7C7ce8213b0745434ca3bd08d99aa744c5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637710865545044990%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yTORXHU3b6mB%2F5z9YL6hSGIiyt5Yy1QTDBVusf73MdE%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/DM5PR00MB0391A4E6B8DB02F48B43ED57CF8A9%40DM5PR00MB0391.namprd00.prod.outlook.com.