Avoid showing the "Paste" button for `navigator.clipboard.read*()` when the user's privacy isn't affected
Categories
(Core :: DOM: Copy & Paste and Drag & Drop, enhancement)
Tracking
()
Tracking | Status | |
---|---|---|
firefox122 | --- | fixed |
People
(Reporter: mbrodesser-Igalia, Assigned: edgar)
References
(Blocks 2 open bugs)
Details
Attachments
(2 files, 6 obsolete files)
Includes not showing the "Paste" button when copy-pasting within the same document/origin; see the "Security and Privacy" section of https://webkit.org/blog/10855/.
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 1•1 year ago
•
|
||
Currently, we show the paste contextmenu to grand user permission every time when the page tries to read clipboard data programmatically via async clipboard API, but sometimes it might be annoyed if the user only copy/paste data within the same origin, for example editing a Google Doc. Webkit has implemented two mechanisms to improve the user experience.
- If the user is explicitly triggering a paste during the gesture (for instance, using a keyboard shortcut on macOS such as ⌘V or pasting using the “Paste” action on the callout bar on iOS), WebKit will allow the page to programmatically read the contents of the clipboard.
- Programmatic clipboard access is also automatically granted in the case where the contents of the system clipboard were written by a page with the same security origin.
We would like to implement the similar behavior, too. i.e.
- Allow the page to programmatically read clipboard in
paste
event handler. - Allow the page to programmatically read clipboard if the clipboard data is from the same origin. (data from external application will be treated as from different origin)
And here are some rough plan to implement the same-origin checks,
- In Cocoa widget, there is a clipboard cache mechanism, we cache the
nsITransferable
that is written to system clipboard by gecko. And if the system clipboard isn't changed by other application, we return the data stored in cachednsITransferable
for the subsequent clipboard access from gecko. I plan to build the same-origin checks on the top of it. - Apply other platforms to same clipboard cache mechanism which requires a refactoring on nsBaseClipboard (bug 1773707).
- Storing the principle that trigger the system clipboard writing in nsITransferable::requestingOrigin,
- When reading clipboard data programmatically,
- If there is no valid data in clipboard cache, show the paste contextmenu to grand user permission.
- Otherwise, check the principle stored in the cache with the requesting principle.
2.1. if they are different origin, show the paste contextmenu to grand user permission.
2.2. Otherwise, automatically grant the permission.
Assignee | ||
Updated•11 months ago
|
Assignee | ||
Comment 2•6 months ago
|
||
Assignee | ||
Comment 3•6 months ago
|
||
Displaying the paste context menu for background tabs can be surprising and
confusing for users, so we reject the request and don't allow it being associated
with existing pending request.
Depends on D190405
Assignee | ||
Comment 4•6 months ago
|
||
And don't allow new request being associated with existing pending request if
the requests are from different origin.
Depends on D190761
Assignee | ||
Comment 5•6 months ago
|
||
Depends on D190796
Assignee | ||
Comment 6•6 months ago
|
||
Depends on D190848
Assignee | ||
Comment 7•6 months ago
|
||
Assignee | ||
Comment 8•6 months ago
|
||
Assignee | ||
Comment 9•6 months ago
|
||
Assignee | ||
Comment 10•6 months ago
|
||
Updated•6 months ago
|
Updated•6 months ago
|
Updated•6 months ago
|
Updated•6 months ago
|
Updated•6 months ago
|
Assignee | ||
Comment 11•5 months ago
|
||
This patch makes the clipboard context menu trigger from the parent process rather
than the content process. A chrome-only event, MozClipboardReadPaste
, is dispatched
to the chrome document to initiate paste context menu. When the paste context
menu is either clicked or dismissed, the clipboard-contextmenu-*
observer is
triggered.
The behavior of handling multiple requests should remain unchanged, new tests are
added to ensure that.
Depends on D182108
Assignee | ||
Comment 12•5 months ago
|
||
Displaying the paste context menu for background tabs can be surprising and
confusing for users, so we reject the request and don't allow it being associated
with existing pending request.
Depends on D192935
Updated•5 months ago
|
Assignee | ||
Comment 13•5 months ago
|
||
And don't allow new request being associated with existing pending request if
the requests are from different origin.
Depends on D192974
Updated•5 months ago
|
Updated•5 months ago
|
Updated•5 months ago
|
Updated•5 months ago
|
Updated•5 months ago
|
Assignee | ||
Comment 14•5 months ago
•
|
||
Comment 15•5 months ago
|
||
Comment on attachment 9357683 [details]
Bug 1777448 - Part 1: Handle clipboard contextmenu in parent process; r?nika!
Revision D190405 was moved to bug 1866994. Setting attachment 9357683 [details] to obsolete.
Updated•5 months ago
|
Updated•5 months ago
|
Assignee | ||
Comment 16•5 months ago
|
||
Comment 17•5 months ago
|
||
Pushed by echen@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/32841cae9b3b Part 1: Don't not show paste contextmenu for background tab; r=nika,hsivonen https://hg.mozilla.org/integration/autoland/rev/6dee3dce64ad Part 2: Suppress the paste context menu when the clipboard data originates from a same-origin page; r=nika
Comment 18•5 months ago
|
||
Backed out for causing bc failures in browser_navigator_clipboard_contextmenu_suppression.js
- Backout link
- Push with failures
- Failure Log
- Failure line: TEST-UNEXPECTED-FAIL | dom/events/test/clipboard/browser_navigator_clipboard_contextmenu_suppression.js | Test timed out -
Comment 19•4 months ago
|
||
Pushed by echen@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/28a38aeacd83 Part 1: Don't not show paste contextmenu for background tab; r=nika,hsivonen https://hg.mozilla.org/integration/autoland/rev/bdca89fb71d5 Part 2: Suppress the paste context menu when the clipboard data originates from a same-origin page; r=nika
Assignee | ||
Updated•4 months ago
|
Comment 20•4 months ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/28a38aeacd83
https://hg.mozilla.org/mozilla-central/rev/bdca89fb71d5
Description
•