On 2015-05-23 5:02 AM, Jesper Kristensen wrote:
Very nice, I am looking very much forward to using this.
It would be nice of you could also support paste. I agree that it is
more sensitive, so maybe you could go with a user prompt in that case?
The prompts as implemented in IE are horrible, but I think there could
be many better ways of doing it.
Here is one way I have thought of how a prompt could look like, since
you only allow it in relation to user interaction, you could make a
prompt that looks like a context menu for the element the user
interacted with, using a single word describing the action. I have
implemented a mockup at http://jsfiddle.net/vvjcgj5g/1/ but I am sure
Mozilla UX people could come up with better ways to do this. (My mockup
has a prompt for all three actions, but you could do it for paste only)
Handling paste is a difficult topic, and I definitely don't have a good
answer yet.
Prompting for paste has two issues:
1. I'm not sure if we can express a useful message allowing the user to
make a good decision, since explaining the risk would be difficult. It
will also be an annoying prompt since we would have to show it every
time that the page wants to paste, since the contents of the clipboard
may be different. (It may be OK to persist a permission for websites
served from secure origins without undermining the user's security, but
still, the problem of asking the user a meaningful question to them
remains to be solved.)
2. The synchronous nature of the execCommand API mandates a modal
prompt, which is terrible for user experience, so we would probably need
some kind of an out of band permission request. But that may make the
permission prompt less obvious since the website may call into the
out-of-band permission requesting API at a time that is unrelated to the
user trying to paste, which will make it even less obvious what the page
is asking for.
On the question of the specific form the prompt would take, I'm very
hesitant to overlay something on top of the content, since web
developers typically hate it when the browser does that, as they may
have specific requirements and needs over what appears in the content
area. But that is probably a relatively easier issue to solve than the
above two problems.
Cheers,
Ehsan
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
