Skip to content

Add Clipboard Feature Policy #120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Add Clipboard Feature Policy #120

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
66edd90
test change
Jun 2, 2020
17ac890
Clipboard Spec: Add Feature Policy Integration
Jun 13, 2020
a568a35
remove extraneous git add -A
Jun 13, 2020
8c644e6
Expand upon feature policy checks per review
Jun 17, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 29 additions & 4 deletions index.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -626,11 +626,15 @@ urlPrefix: https://w3c.github.io/FileAPI/#dfn-; type: dfn;

1. Let |p| be a new [=Promise=].

1. If the [=current settings object's=] responsible document is not
[=allowed to use=] the "clipboard-write" feature, then reject |p|
with a "NotAllowedError" DOMException.

Comment on lines 627 to +632
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This current algorithm currently continues with the rejected promise, instead of returning it. Let's do:

Suggested change
1. Let |p| be a new [=Promise=].
1. If the [=current settings object's=] responsible document is not
[=allowed to use=] the "clipboard-write" feature, then reject |p|
with a "NotAllowedError" DOMException.
1. If the [=current settings object's=] responsible document is not
[=allowed to use=] the "clipboard-write" feature, then
return a promise rejected with a "NotAllowedError" DOMException.
1. Let |p| be a new [=Promise=].

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some nits... I think you can link [=responsible document=] and [=a promise rejected with=] ... please confirm by looking up the terms at https://respec.org/xref/ ... you can probably link {{DOMException}} too.

1. Run the following steps [=in parallel=]:

1. Let |r| be the result of running [=check clipboard read permission=] [=in parallel=]

1. If |r| is not "granted", then reject |p| with a "NotAllowedError" DOMException
1. If |r| is not "granted", then reject |p| with a "NotAllowedError" DOMException.

1. Let |data| be a copy of the [=system clipboard data=] represented as
a sequence of {{ClipboardItem}}s.
Expand All @@ -655,11 +659,15 @@ urlPrefix: https://w3c.github.io/FileAPI/#dfn-; type: dfn;

1. Let |p| be a new [=Promise=].

1. If the [=current settings object's=] responsible document is not
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above... immediately return the rejected promise, otherwise continue in parallel.

[=allowed to use=] the "clipboard-write" feature, then reject |p|
with a "NotAllowedError" DOMException.

1. Run the following steps [=in parallel=]:

1. Let |r| be the result of running [=check clipboard read permission=] [=in parallel=]

1. If |r| is not "granted", then reject |p| with a "NotAllowedError" DOMException
1. If |r| is not "granted", then reject |p| with a "NotAllowedError" DOMException.

1. Let |data| be a copy of the [=system clipboard data=].

Expand Down Expand Up @@ -689,11 +697,15 @@ urlPrefix: https://w3c.github.io/FileAPI/#dfn-; type: dfn;

1. Let |p| be a new [=Promise=].

1. If the [=current settings object's=] responsible document is not
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As above here too...

[=allowed to use=] the "clipboard-write" feature, then reject |p|
with a "NotAllowedError" DOMException.

1. Run the following steps [=in parallel=]:

1. Let |r| be the result of running [=check clipboard write permission=] [=in parallel=]

1. If |r| is not "granted", then reject |p| with a "NotAllowedError" DOMException
1. If |r| is not "granted", then reject |p| with a "NotAllowedError" DOMException.

1. Let |cleanItemList| be an empty sequence<{{Blob}}>.

Expand Down Expand Up @@ -730,11 +742,15 @@ urlPrefix: https://w3c.github.io/FileAPI/#dfn-; type: dfn;

1. Let |p| be a new [=Promise=].

1. If the [=current settings object's=] responsible document is not
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same... 😊

[=allowed to use=] the "clipboard-write" feature, then reject |p|
with a "NotAllowedError" DOMException.

1. Run the following steps [=in parallel=]:

1. Let |r| be the result of running [=check clipboard write permission=] [=in parallel=]

1. If |r| is not "granted", then reject |p| with a "NotAllowedError" DOMException
1. If |r| is not "granted", then reject |p| with a "NotAllowedError" DOMException.

1. Let |newItemList| be an empty sequence<{{ClipboardItem}}>.

Expand Down Expand Up @@ -1080,6 +1096,15 @@ urlPrefix: https://w3c.github.io/FileAPI/#dfn-; type: dfn;

</div><!-- algorithm -->

<h2 id="feature-policy-integration">Feature Policy Integration</h2>

This specification defines two [=policy-controlled features=] identified by the
strings <code>"clipboard-read"</code> and <code>"clipboard-write"</code>, which
correspond to the permissions of the same name. <code>"clipboard-read"</code>
restricts {{Clipboard/read()}} and {{Clipboard/readText()}}, and
<code>"clipboard-write"</code> restricts {{Clipboard/write()}} and
{{Clipboard/writeText()}}. Both have a [=default allowlist=] of
<code>["self"]</code>.

<h2 id="security">Security Considerations</h2>

Expand Down