Interoperability issue: `navigator.clipboard.write()` and `navigator.clipboard.writeText()` user gesture requirement about clipboard-apis HOT 18 CLOSED

There has been a recent change in Chromium: In Chrome 107, attempting to write to the clipboard on page load now triggers a permission prompt. I have removed the code from webplatform.news to not bother my visitors.

from clipboard-apis.

This has been an issue for a while now. Stuff like this is why you shouldn't be enabling JavaScript on random websites.

from clipboard-apis.

Version 105.0.5195.54 (Official Build) (64-bit)
There is still a bug.

from clipboard-apis.

As of this commit, Chromium requires either user activation (at the time of the write) or an explicit permission grant (which is durable across many reads/writes) for writing to the clipboard. As noted in the spec, there are known use cases which rely on the permission grant flow as opposed to the user gesture.

from clipboard-apis.

@simevidas
You wrote about "writing to clipboard". The screenshot shows a dialog about "read from clipboard".
This is constantly mixed (at least in the media about this topic).

My code navigator.clipboard.writeText() works without any dialog or console log in chrome 108 (after user activation).
Edit: Sorry, you are right. The code and dialog text are not matching. 8-(
Tested with https://fluoridated-showy-fog.glitch.me

from clipboard-apis.

@tomayac Is this on the latest 104 stable build? I added the transient user activation requirement for write() method but not writeText() because of some internal site breakage where they are currently relying on this behavior. We have bugs to fix this crbug.com/1334203

from clipboard-apis.

I tested on 104.0.5112.101, yes.

from clipboard-apis.

Tested on Version 1.42.97 Chromium: 104.0.5112.102 (Official Build) (64-bit) - silent fail - no error, but no effect on clipboard as well

from clipboard-apis.

It should be noted that Chromium-based browsers do have some restrictions for writing text to the clipboard:

• Secure context (https)
• Chome is current app
• Script is running in the active tab

(https://groups.google.com/a/chromium.org/g/blink-dev/c/epeaao7l13M/m/b8ewAH5uBwAJ)

So if a web page is loaded into a background tab, it won’t be able to write to the clipboard.

from clipboard-apis.

Some developments in the Brave browser: brave/brave-core#14901

from clipboard-apis.

@evanstade your link is missing the protocol (https)

from clipboard-apis.

(Corrected link for #182 (comment): https://crrev.com/10300ac7da93a7e322274f1e.)

Are people fine with me closing the Issue as completed?

from clipboard-apis.

Perhaps I am stupid. Is this related to cve-2022-3075. If so I was under the impression this was patched. if I go to webplatfoem.news it continues to write to my clipboard. My chrome is: 106.0.5249.119, My Vivaldi is 5.5.2805.38, and Opera
is 91.0.4516.65.

from clipboard-apis.

#52 and #75 are both related?

from clipboard-apis.

Attempting to write to the clipboard should only trigger a prompt if there's no user action attached.

Yes, Chromium reuses the same permission for both gesture-less reads and writes. The text was not updated because reading is considered more powerful than writing.

from clipboard-apis.

Telling not the truth in such dialogs is IMO a very bad move.
I would reject reading my clipboard on most pages, but writing is often useful (perhaps not without user gesture, but still).

from clipboard-apis.

It is the truth in that the same underlying permission is used for both actions. Granting this permission will affect reading. To avoid permission fatigue, we try to avoid creating too many distinct permissions.

from clipboard-apis.

This issue is creating unnecessary noise in the clipboard repo. The original issue has already been addressed, so if there are any concerns/bugs, please open bugs in the chromium bug database. I'm going to close this issue.

from clipboard-apis.