Open Bug 1938618 Opened 3 months ago Updated 7 days ago

Make navigator.clipboard.read() do all DLP requests at once

Categories

(Firefox :: Data Loss Prevention, defect)

Product:
Firefox
Component:
Data Loss Prevention
Type:
defect

Tracking

()

People

(Reporter: gstoll, Unassigned)

References

(Depends on 1 open bug)

Details

Attachments

(1 obsolete file)

Unlike the clipboard event case, navigator.clipboard.read() does separate requests for each flavor of the clipboard, meaning that we can't use the same user_action_id for them.

To fix this we'd need to make ClipboardDataSnapshot::GetData() analyze the full contents of the clipboard, like we do in ClipboardContentAnalysisParent::RecvGetAllClipboardDataSync().

I don't think this is a blocker for 1.0 because if we only analyze one format on the clipboard this doesn't matter.

See comments in browser_clipboard_read_async_content_analysis.js for how to fix up the test after doing this.

Summary: Make navigator.clipboard.read() use one DLP request → Make navigator.clipboard.read() do all DLP requests at once

I take back that "if we only analyze one format on the clipboard this doesn't matter" - this call explicitly gets all of the clipboard contents, and if it's being done in this way it's inconvenient to only send one of those formats. So fixing this would let us easily only analyze one format. Sigh.

I'll make it a blocker for now.

Blocks: 1882607

The severity field is not set for this bug.
:handyman, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(davidp99)
Severity: -- → S3
Flags: needinfo?(davidp99)

OK, a few things:

If we implement bug 1938188 and only analyze the text contents of the clipboard, I think this would not be so bad. We'd just do one DLP request (with a corresponding dialog) each time the JS code reads the text contents, which I'm guessing would only be one time for most cases.

However, I think this wouldn't be too hard to fix. In nsClipboardProxy::GetDataSnapshotSync() we already call contentAnalysis->SendGetAllClipboardDataSync() and wrap the result in a nsBaseClipboard::ClipboardPopulatedDataSnapshot. I think if we do a similar thing in nsClipboardProxy::GetDataSnapshot() that would fix this issue, and it would just require adding a GetAllClipboardData (non-sync) message to PClipboardContentAnalysis.

Assignee: nobody → gstoll
Status: NEW → ASSIGNED

This is more complicated than I had anticipated, and I don't think the consequences are very bad, so I'm making this not a 1.0 blocker and setting it aside for now.

After chatting with :edgar, we'd like to make a new method, something like Result<nsCOMPtr<nsISupports>, nsresult> GetNativeClipboardData(ClipboardType aWhichClipboard, const nsACString& aFlavor); that would return the full clipboard contents, and make navigator.clipboard.read() use that. That would make this bug significantly easier to implement.

Assignee: gstoll → nobody
Status: ASSIGNED → NEW
No longer blocks: 1882607
Attachment #9459471 - Attachment is obsolete: true
Depends on: 1951225
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: