On Mon, Oct 9, 2023 at 7:15 PM Anupam Snigdha <sni...@microsoft.com> wrote:

> Any answer on the other question regarding what the expected outcome of a
> call like below would be?
>
> Currently we're throwing a JS exception
> <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/modules/clipboard/clipboard_promise.cc;drc=c5ac981ddffb22c613baf38bf69f3554f51894d0;l=248>
> if the unsanitized list contains a format other than `text/html`.
>

The code expects `text/html` at the first position of the array, but the
explainer says "If text/html representation is present in the ClipboardItem
and text/html is present in the unsanitized list", which suggests any
position would be fine. Maybe make the explainer say what the code says or
vice versa.

> In theory we could also add other built-in formats in the future where
> sanitization is needed by-default on read(), but unsanitized content is
> returned if the author explicitly opts into it. e.g. For `image/svg+xml`,
> we could return sanitized content by-default
> <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/modules/clipboard/clipboard_writer.cc;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771;l=225>
> where styles would be inlined and <meta> tags would be stripped out by the
> sanitizer, but if the authors want unsanitized content, then they can
> explicitly opt into it by adding this format to the unsanitized list.
>

This sounds like a feasible extension to the current behavior.


> Probably you could even remove the "hello" in `<div id="logDiv">hello</div>`
> so the DIV is entirely empty to avoid any and all misunderstandings.
>
> Done.
>

Thank you!
