by userbinator 1394 days ago
Why do you call it a "user gesture" and not "consent" as it should absolutely be? Is it to reinforce the notion that users' actions are only to be taken as mere suggestions and ignored if they are contrary to your goals?

"user gesture" and "consent" are two completely different things.

Currently (until this bug) it’s supposed to trace back the call stack to the event that triggered it, and only allow it if the triggering event is something like a click. That’s what’s meant by “user gesture”, the opposite of code triggering it independently of the user.

“Consent” would be a positive acceptance in a browser controlled message box asking for permission to use the clipboard.

Most people agree that for copying to the clipboard the first is all that’s needed (there isn’t really a security concern here); for pasting from the clipboard, the latter is always required.
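The distinction this comment draws can be made concrete with a small model. The following is an added example, not code from the thread and not any browser's actual implementation: it models "transient user activation" (a trusted input event starts a short window in which gesture-gated APIs may be called) and a separate per-site permission state standing in for "consent". The activating event list, the 5 second window, and the function names are assumptions chosen to illustrate the rule; the point it shows is that a script cannot manufacture a gesture by dispatching its own events, and that a gesture alone never unlocks reading.

```javascript
// Added example (not from the thread): a simplified model of how a browser gates
// clipboard access on "user gesture" versus "consent".

// Events that grant transient user activation when they are trusted, i.e. dispatched
// by the browser from real input rather than synthesised by script. Assumed,
// simplified list; real browsers refine it (e.g. the Escape key does not count).
const ACTIVATING_EVENTS = new Set(["mousedown", "pointerdown", "keydown", "touchend"]);

// How long activation stays usable after the gesture. Assumed value; the HTML
// spec leaves the exact duration to the implementation.
const ACTIVATION_WINDOW_MS = 5000;

class BrowsingContext {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.lastActivation = -Infinity;
    // The user's answer to a permission prompt for this site: "granted", "denied"
    // or "prompt" (never asked). This is the "consent" side of the distinction.
    this.clipboardReadPermission = "prompt";
  }

  // Event dispatch as the browser would do it. element.click() from script yields
  // an untrusted event, so a page cannot grant activation to itself.
  dispatch(type, isTrusted) {
    if (isTrusted && ACTIVATING_EVENTS.has(type)) {
      this.lastActivation = this.now();
    }
  }

  hasTransientActivation() {
    return this.now() - this.lastActivation <= ACTIVATION_WINDOW_MS;
  }
}

// Write: gesture only. Nothing leaves the page, so the only question is whether
// the call happened in response to the user doing something.
function clipboardWrite(ctx, text) {
  if (!ctx.hasTransientActivation()) {
    return { ok: false, reason: "NotAllowedError: no user gesture" };
  }
  return { ok: true, clipboard: text };
}

// Read: gesture AND consent. Reading hands page script whatever the user copied
// elsewhere, so a recent gesture is necessary but not sufficient.
function clipboardRead(ctx, clipboardContents) {
  if (!ctx.hasTransientActivation()) {
    return { ok: false, reason: "NotAllowedError: no user gesture" };
  }
  if (ctx.clipboardReadPermission !== "granted") {
    return { ok: false, reason: "NotAllowedError: permission " + ctx.clipboardReadPermission };
  }
  return { ok: true, text: clipboardContents };
}

// Walk through the scenarios from the thread with a fake clock so the activation
// window can be expired deterministically.
function demo() {
  let t = 0;
  const ctx = new BrowsingContext(() => t);
  const results = {};

  // 1. Script tries to write with no gesture at all.
  results.writeNoGesture = clipboardWrite(ctx, "hello").ok;

  // 2. Script dispatches a synthetic event on itself: untrusted, still blocked.
  ctx.dispatch("mousedown", false);
  results.writeSyntheticGesture = clipboardWrite(ctx, "hello").ok;

  // 3. A real user click; a write inside the handler succeeds.
  ctx.dispatch("mousedown", true);
  results.writeRealGesture = clipboardWrite(ctx, "hello").ok;

  // 4. Same real gesture, but reading still waits on the permission decision.
  results.readGestureNoConsent = clipboardRead(ctx, "copied text").ok;
  ctx.clipboardReadPermission = "granted";
  results.readGestureWithConsent = clipboardRead(ctx, "copied text").ok;

  // 5. The window expires; a later background read fails even with consent.
  t += ACTIVATION_WINDOW_MS + 1;
  results.readAfterExpiry = clipboardRead(ctx, "copied text").ok;

  return results;
}

console.log(JSON.stringify(demo(), null, 2));
```

Scenario 2 is the one the bug in the linked story is about: the whole design rests on the browser tracing the call back to a trusted event, so any path that lets script-originated activity count as a gesture turns the copy side into a silent write.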

> there isn’t really a security concern here

See the other discussion here: https://news.ycombinator.com/item?id=32614839

Ok, so there is a related vector here, but it requires the site you are on to be compromised.

I would argue the actual vector is in the terminal, it should really validate the clipboard content.
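One concrete form the validation suggested above could take, as an added example (not the commenter's code, and not how any particular terminal implements it): before handing pasted text to the shell, flag the characters that change what a paste does (line breaks submit the command, ESC starts control sequences, other C0/C1 controls move or erase what is shown), render them visibly so the user can see what they are about to run, and wrap the paste in bracketed-paste markers so a shell that supports them inserts it literally. The function names and the exact policy are assumptions.

```javascript
// Added example (not from the thread): terminal-side screening of pasted text.

// C0/C1 control characters other than tab, CR, LF and ESC, which are handled
// separately below.
const OTHER_CONTROLS = /[\u0000-\u0008\u000b\u000c\u000e-\u001a\u001c-\u001f\u007f\u0080-\u009f]/;

// Bracketed paste markers (xterm convention, widely supported by shells).
const PASTE_BEGIN = "\u001b[200~";
const PASTE_END = "\u001b[201~";

// Caret notation so control characters show up in a confirmation prompt
// instead of acting: CR -> ^M, LF -> ^J, ESC -> ^[, DEL -> ^?.
function visible(text) {
  let out = "";
  for (const ch of text) {
    const code = ch.codePointAt(0);
    if (code < 0x20) out += "^" + String.fromCharCode(code + 0x40);
    else if (code === 0x7f) out += "^?";
    else if (code >= 0x80 && code <= 0x9f) out += "\\x" + code.toString(16);
    else out += ch;
  }
  return out;
}

// Report what in the paste could do something other than appear as typed text.
function inspectPaste(text) {
  const findings = [];
  if (/[\r\n]/.test(text)) findings.push("line break: shell would run the text on paste");
  if (text.includes("\u001b")) findings.push("ESC: may carry a terminal control sequence");
  if (OTHER_CONTROLS.test(text)) findings.push("other control character");
  return { safe: findings.length === 0, findings, preview: visible(text) };
}

// Deliver the paste inside bracket markers. A paste that itself contains the end
// marker would terminate the bracket early, so that sequence is removed first.
function bracketedPaste(text) {
  return PASTE_BEGIN + text.split(PASTE_END).join("") + PASTE_END;
}

// Combined policy: safe single-line text goes straight through; anything else is
// returned with the findings and a visible preview so the terminal can ask first.
function screenPaste(text) {
  const report = inspectPaste(text);
  return { ...report, payload: bracketedPaste(text) };
}

// Constructed sample pastes: a plain command, a command with a trailing newline,
// and one wrapped in a colour escape sequence.
const SAMPLES = ["ls -la", "echo hi\n", "\u001b[31mred\u001b[0m\n"];
for (const s of SAMPLES) {
  const r = screenPaste(s);
  console.log(JSON.stringify({ preview: r.preview, safe: r.safe, findings: r.findings }));
}
```

The preview is the part that matters for the user: "echo hi^J" makes the difference between "text I will review before pressing Enter" and "command that runs the instant I paste" visible before the shell sees it.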

> Is it to reinforce the notion that users' actions are only to be taken as mere suggestions and ignored if they are contrary to your goals?

Wow, rude.

One possible answer to your question: there is no way for a browser to detect "consent", which is a subtle and nuanced concept, but user gestures have a hard and fast definition, so that's the proxy they use.

When a site wants access to my camera or microphone, the browser detects my consent by asking me. I don't see why listening to clipboard events shouldn't be treated in the same way. Likewise with mouse and keyboard tracking events.

The number of sites that reasonably need to know when I copy/paste or need to override what happens when I do that is approximately zero. There's no reason to allow it by default for all sites.