FF148 MDN Docs work for this can be tracked in https://github.com/mdn/content/issues/42747 I have read the post above. My understanding is as below - can you confirm the questions/open bits? For web content: 1. Prior to this change, if you called `Document.execCommand()` with the `"paste"` option, the method would simply return `false` (i.e. pasting into content was not allowed) 2. After this change, if you call the option with content copied from the same-origin it will succeed. If you call the option with content copied cross-origin it will pop up a little "Paste" UI that you need to click to paste. If you don't click the paste the method will return false and copying will not happen. For Web Extensions: 3. After this change, if you call the method in a web extension that has the `clipboardRead` permission the paste will succeed both for same-origin and cross-origin content 4. If you call this for paste without that permission presumably same origin would succeed but you'd get the same prompt as for ordinary content? 5. What about before the change - did the command just not work? 6. The [spec (https://w3c.github.io/editing/docs/execCommand/#the-paste-command) indicates - that the method should throw a SecurityError if it isn't allowed to read the content of the clipboard. Is that supported? - transient activation is require - is that also required here? 7. Can you user permissions policy (or feature-policY) on a cross-origin page to allow it to copy cross origin content without the prompt 8. Is there any particular release note you would like for this in MDN?
Bug 1998195 Comment 17 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
FF148 MDN Docs work for this can be tracked in https://github.com/mdn/content/issues/42747 I have read the comment above https://bugzilla.mozilla.org/show_bug.cgi?id=1998195#c2. My understanding is as below - can you confirm the questions/open bits? For web content: 1. Prior to this change, if you called `Document.execCommand()` with the `"paste"` option, the method would simply return `false` (i.e. pasting into content was not allowed) 2. After this change, if you call the option with content copied from the same-origin it will succeed. If you call the option with content copied cross-origin it will pop up a little "Paste" UI that you need to click to paste. If you don't click the paste the method will return false and copying will not happen. For Web Extensions: 3. After this change, if you call the method in a web extension that has the `clipboardRead` permission the paste will succeed both for same-origin and cross-origin content 4. If you call this for paste without that permission presumably same origin would succeed but you'd get the same prompt as for ordinary content? 5. What about before the change - did the command just not work? 6. The [spec (https://w3c.github.io/editing/docs/execCommand/#the-paste-command) indicates - that the method should throw a SecurityError if it isn't allowed to read the content of the clipboard. Is that supported? - transient activation is require - is that also required here? 7. Can you user permissions policy (or feature-policY) on a cross-origin page to allow it to copy cross origin content without the prompt 8. Is there any particular release note you would like for this in MDN?
FF148 MDN Docs work for this can be tracked in https://github.com/mdn/content/issues/42747 I have read the comment above https://bugzilla.mozilla.org/show_bug.cgi?id=1998195#c2. My understanding is as below - can you confirm the questions/open bits? For web content: 1. Prior to this change, if you called `Document.execCommand()` with the `"paste"` option, the method would simply return `false` (i.e. pasting into content was not allowed) 2. After this change, if you call the option with content copied from the same-origin it will succeed. If you call the option with content copied cross-origin it will pop up a little "Paste" UI that you need to click to paste. If you don't click the paste the method will return false and copying will not happen. For Web Extensions: 3. After this change, if you call the method in a web extension that has the `clipboardRead` permission the paste will succeed both for same-origin and cross-origin content. 4. If you call this for paste without that permission presumably same origin would succeed but you'd get the same prompt in extension as for ordinary content? 5. What about before the change - did the command just not work? NOTE however for ^^^ - from https://github.com/mdn/content/pull/42263#pullrequestreview-3708855702 it looks like FF and Safari don't support those permissions so presumably the read/write just always succeeds? Perhaps we should simply note that the copy and paste are implemented with the clipboard API on FF and Safari and will behave in the same way a paste using that API? 6. The [spec (https://w3c.github.io/editing/docs/execCommand/#the-paste-command) indicates - that the method should throw a SecurityError if it isn't allowed to read the content of the clipboard. Is that supported? - transient activation is require - is that also required here? 7. Can you user permissions policy (or feature-policY) on a cross-origin page to allow it to copy cross origin content without the prompt 8. Is there any particular release note you would like for this in MDN?