by samwillis 1398 days ago
"user gesture" and "consent" are two completely different things.

Currently (until this bug) it’s supposed to trace back the call stack to the event that triggered it, and only allow it if the triggering event is something like a click. That’s what’s meant by “user gesture”, the opposite of code triggering it independently of the user.

“Consent” would be a positive acceptance in a browser controlled message box asking for permission to use the clipboard.

Most people agree that for copying to the clipboard the first is all that’s needed (there isn’t really a security concern here), for pasting from the clipboard the latter is always required.

1 comments

> there isn’t really a security concern here

See the other discussion here: https://news.ycombinator.com/item?id=32614839

Ok, so there is a related vector here, but it requires the site you are on to be compromised.

I would argue the actual vector is in the terminal, it should really validate the clipboard content.
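
The clipboard validation suggested in the last comment, sketched as an added example (not code from the thread or from any terminal emulator). `guardPaste`, its finding names and the sample strings are hypothetical and constructed for illustration.

```javascript
// Added example: checks a terminal could run on clipboard text before
// handing it to the shell. All names here are hypothetical.

// End marker of xterm-style bracketed paste mode (ESC [ 201 ~).
const BRACKETED_PASTE_END = "\x1b[201~";

// Report which properties of the text make a silent paste unsafe.
function inspectPaste(text) {
  const findings = [];
  // A line break submits the command without the user pressing Enter.
  if (/[\r\n]/.test(text)) findings.push("line-break");
  // An embedded end marker would close bracketed paste mode early.
  if (text.includes(BRACKETED_PASTE_END)) findings.push("bracketed-paste-end");
  // Other C0 controls and DEL can hide or rewrite what is displayed.
  // Tab, CR and LF are excluded here; CR and LF are reported above.
  if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(text)) findings.push("control-char");
  return findings;
}

// Render control characters with Unicode "control pictures" so a
// confirmation prompt shows exactly what the clipboard holds.
function visible(text) {
  return text.replace(/[\x00-\x1f\x7f]/g, (c) =>
    c === "\x7f" ? "\u2421" : String.fromCharCode(0x2400 + c.charCodeAt(0)));
}

// Paste silently only when nothing was flagged; otherwise ask the user,
// showing the preview instead of the raw text.
function guardPaste(text) {
  const findings = inspectPaste(text);
  return {
    action: findings.length === 0 ? "paste" : "confirm",
    findings,
    preview: visible(text),
  };
}

// Constructed sample clipboard contents.
for (const sample of ["git status", "echo replaced\n", "ls\x1b[201~"]) {
  const r = guardPaste(sample);
  console.log(r.action, r.findings.join(",") || "-", r.preview);
}
```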