chromium/src
0
Fork 0
Code Activity
Files
04dd1bc47332323cbd1d02f213545138d3cd41ed
src/third_party/blink/web_tests/wpt_internal/clipboard-apis/writeText-user-activation.https.html
Evan Stade 10300ac7da Async Clipboard API: gesture-less writes use same permission as reads. 
Before this change:
* plain text/images could be written to the clipboard without a user
  gesture or permission grant.
* reading any type and writing custom types would require a
  permission grant (but not a separate user gesture after that
  prompt).

With this change, the permission grant is extended to cover the case
of writing plain text/images to the clipboard without a user gesture.
Thus, plain text/image writes will require either a user gesture or a
permission grant.

Manual test: navigating to https://output.jsbin.com/yuliwoz/quiet
should now trigger a permission prompt.

Alternatives considered:
* A user gesture could be required in addition to a permission. This
breaks remote desktop use cases which are explicitly cited in the spec.
* A permission prompt could always be required (user gesture or not).
This introduces permission fatigue and breaks legitimate use cases
such as Gerrit (click one of the "copy to clipboard" buttons next to a
commit hash or filename below).

This also renames some variables since "allow without sanitization"
is a negative and difficult to understand in the context of a single
ClipboardPromise.

Bug: 1334203
Change-Id: I83cc5cb90df80bff0e07423b17b6dc408532bb0b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3866530
Reviewed-by: Anupam Snigdha <snianu@microsoft.com>
Reviewed-by: Austin Sullivan <asully@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Evan Stade <estade@chromium.org>
Reviewed-by: Gary Kacmarcik <garykac@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1044125}
2022-09-07 19:35:38 +00:00

31 lines
1.3 KiB
HTML
Raw Blame History

<!doctype html>
<meta charset="utf-8">
<title>navigator.clipboard.writeText() fails when read permission is denied and no user gesture is registered</title>
<link rel="help" href="https://w3c.github.io/clipboard-apis/#async-clipboard-api">
<body>Body needed for test_driver.click()</body>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src="resources/user-activation.js"></script>
<script>
'use strict';
promise_test(async t => {
// Without a user gesture, clipboard-read is the permission that's used.
await test_driver.set_permission({name: 'clipboard-read'}, 'denied');
await test_driver.set_permission({name: 'clipboard-write'}, 'granted');
await promise_rejects_dom(t, 'NotAllowedError',
navigator.clipboard.writeText('xyz'));
// With a user gesture, clipboard-write is the permission that's used.
// With Chromium, this permission is auto-granted.
await waitForUserActivation();
await navigator.clipboard.writeText('xyz');
await test_driver.set_permission({name: 'clipboard-read'}, 'granted');
const result = await navigator.clipboard.readText();
assert_equals(result, 'xyz');
}, 'navigator.clipboard.writeText() fails when permission denied');
</script>
View Git Blame Copy Permalink