1. Introduction
This section is non-normative.
This specification defines how the system clipboard is exposed to web applications.
There are two general APIs described in this specification:
-
Clipboard Event API - This API provides a way to hook into the common clipboard operations of cutting, copying and pasting so that web application can adjust the clipboard data as required.
-
Async Clipboard API - This API provides direct access to read and write the clipboard data. Since this is considered to be a powerful feature, access to this API is controlled by a permission.
2. Use Cases
This section is non-normative.
2.1. Changing Default Clipboard Operations
There are many scenarios where it is desireable to change the default clipboard operations (cut/copy/paste). Here are a few examples:
- Metadata When copying text from a repository of documents, it can be useful for the copied text to include metadata about the source of the copied content.
- Rich content editing When copying text which contains hyperlinks or other structure, it is often useful to be able to reformat the content to preserve important information.
- Graphics with built-in semantics In order to make web applications which allow the manipulation of rich text, or of graphic content such as [SVG11], it is useful to provide a mechanism that allows for copying more than just the rendered content.
- Mathematical information With content such as mathematics, simply copying rendered text and pasting it into another application generally leads to most of the semantics being lost. MathML often needs to be transformed to be copied as plain text, for example to make sure "to the power of" is shown with the caret "^" sign in a formula plain-text input. The XML source could also be placed in the clipboard with the appropriate transformation occurring at paste time.
2.2. Remote Clipboard Synchronization
For web applications that communicate with remote devices (e.g., remote access or remote shell applications), there is often a need for the clipboard data to be kept in sync between the two devices.
One important aspect of this use case is that it requires access to the clipboard in the absense of a user gesture or interaction.
write()
the data to the local clipboard. clipboardchange
events, read()
from the clipboard
whenever it is updated, and then send the new clipboard data to the remote device. 2.3. Trigger Clipboard Actions
Applications that provide an alternate interface to a user agent sometimes need to be able to trigger clipboard actions in the user agent.
As an example, consider a screen reader application that provides a more accessible interface to a standard web browser. While the reader can display content and allow the user to interact with it, actions like clipboard copy need to occur in the underlying browser to ensure that the clipboard content is set correctly (with any metadata added by the browser during copy).
3. Terminology
The term editable context means any element that is either an editing host, a textarea element, or an input element with its type attribute set to any of "text", "search", "tel", "url", "email", "password" or "number".
4. Model
The platform provides a system clipboard.
The system clipboard has a list of clipboard items that are collectively called the system clipboard data.
-
For the § 6 Clipboard Event API, the system clipboard data is exposed as a
DataTransfer
object that mirrors the contents of the clipboard. -
For the § 7 Asynchronous Clipboard API, the system clipboard data is exposed as a sequence of clipboard item objects that mirrors the contents of the clipboard.
5. Clipboard Events
5.1. Clipboard event interfaces
The ClipboardEvent interface extends the Event
interface.
dictionary :
ClipboardEventInit EventInit {DataTransfer ?=
clipboardData null ; };
- clipboardData
-
A
DataTransfer
object to hold data and meta data related to the event.
[Exposed =Window ]interface :
ClipboardEvent Event {(
constructor DOMString ,
type optional ClipboardEventInit = {});
eventInitDict readonly attribute DataTransfer ?; };
clipboardData
- clipboardData
-
The clipboardData attribute is an instance of the
DataTransfer
interface which lets a script read and manipulate values on the system clipboard during user-initiated copy, cut and paste operations. The associated drag data store is a live but filtered view of the system clipboard, exposing mandatory data types the implementation knows the script can safely access. For synthetic events, the drag data store contains the data added by the script that created the event.The clipboardData object’s
items
andfiles
properties enable processing of multi-part or non-textual data from the clipboard.
The interface can be used to construct events. An example is given below:
var pasteEvent = new ClipboardEvent('paste'); pasteEvent.clipboardData.items.add('My string', 'text/plain'); document.dispatchEvent(pasteEvent);
Note: Synthetic clipboard events will not actually modify the clipboard or the document. In other words, while the script above will fire a paste event, the data will not be pasted into the document.
5.2. Clipboard events
5.2.1. The clipboardchange
event
The clipboardchange
event fires whenever the contents of the system clipboard are changed. These changes could be due to any of the
following (non-exhaustive):
-
User-initiated cut or copy actions
-
Scripts that use the § 7 Asynchronous Clipboard API to write to the clipboard
-
Actions that update the clipboard outside the user agent
If the clipboard contents are changed outside the user agent, then the clipboardchange
event MUST fire when the user agent regains focus.
Since synthetic cut
and copy
events do not update the system clipboard,
they will not trigger a "clipboardchange" event.
5.2.2. The copy
event
When the user initiates a copy action, the user agent fires a clipboard event named copy
.
If the event is not canceled, the currently selected data will be copied to the system clipboard. The current document selection is not affected.
The copy
event bubbles, is cancelable, and is composed.
See § 8.1 The copy action for a detailed description of the processing model for this event.
A synthetic copy
event can be manually constructed and dispatched, but it
will not affect the contents of the system clipboard.
5.2.3. The cut
event
When the user initiates a cut action, the user agent fires a clipboard event named cut
.
In an editable context, if the event is not
canceled the action will place the currently selected data on the system clipboard and remove the selection from the document.
The cut
event fires before the selected data is removed. When
the cut operation is completed, the selection is collapsed.
In a non-editable context, the clipboardData
will
be an empty list. Note that the cut
event will still be fired
in this case.
The cut
event bubbles, is cancelable, and is composed.
See § 8.2 The cut action for a detailed description of the processing model for this event.
A synthetic cut
event can be manually constructed and dispatched, but it
will not affect the contents of the document or of the system clipboard.
5.2.4. The paste
event
When a user initiates a paste action, the user agent fires a clipboard event named paste
. The event fires before any clipboard data is inserted
into the document.
If the cursor is in an editable context, the paste action will insert clipboard data in the most suitable format (if any) supported for the given context.
The paste action has no effect in a non-editable context,
but the paste
event fires regardless.
The paste
event bubbles, is cancelable, and is composed.
See § 8.3 The paste action for a detailed description of the processing model for this event.
A synthetic paste
event can be manually constructed and dispatched, but it
will not affect the contents of the document.
5.3. Integration with other scripts and events
5.3.1. Event handlers that are allowed to modify the clipboard
Event handlers may write to the clipboard if any of the following is true:
-
The action which triggers the event is invoked from the user-agent’s own user interface, e.g. from a "Copy" menu entry or shortcut key.
-
The action which triggers the event is invoked from a scripting thread which is allowed to show a popup.
The implementation may allow other trusted event types to modify the clipboard if the implementation authors believe that those event types are likely to express user intention. The implementation may also support configuration that trusts specific sites or apps to modify the clipboard regardless of the origin of the scripting thread.
Synthetic cut
and copy
events must not modify data on the
system clipboard.
5.3.2. Event handlers that are allowed to read from clipboard
Event handlers may read data from the system clipboard if either of the following is true
-
The action that triggers the event is invoked from the user-agent’s own user interface, e.g. a "Paste" menu entry or shortcut key.
-
The script that triggers the action is running on a site which through an implementation-dependant mechanism is given permission to read data from the clipboard.
-
The action that triggers the event is triggered in an app with permissions to read the clipboard.
Synthetic paste
events must not give a script access to data on
the real system clipboard.
5.3.3. Integration with rich text editing APIs
If an implementation supports ways to execute clipboard commands through
scripting, for example by calling the document.execCommand()
method with the commands "cut",
"copy" and "paste", the implementation must trigger the
corresponding action, which again will dispatch the associated clipboard
event.
These are the steps to follow when triggering copy, cut or paste actions through a scripting API:
-
Execute the corresponding action synchronously.
-
Use the action’s return value as the return value for the API call.
Note: Copy and cut commands triggered through a scripting API will only affect the contents of the real clipboard if the event is dispatched from an event that is trusted and triggered by the user, or if the implementation is configured to allow this. Paste commands triggered through a scripting API will only fire paste events and give access to clipboard contents if the implementation is configured to allow this. How implementations can be configured to allow read or write access to the clipboard is outside the scope of this specification.
5.3.4. Interaction with other events
If the clipboard operation is triggered by keyboard input, the implementation must fire the corresponding event that initiates the clipboard operation. The event is asynchronous but must be dispatched before keyup events for the relevant keys.
The cut and paste actions may cause the implementation to dispatch other supported events, such as textInput, input, change, validation events, DOMCharacterDataModified and DOMNodeRemoved / DOMNodeInserted. Any such events are queued up to fire after processing of the cut/paste event is finished.
The implementation must not dispatch other input-related events like textInput, input, change, and validation events in response to the copy operation.
5.3.5. Event listeners that modify selection or focus
If the event listener modifies the selection or focusable area, the clipboard action must be completed on the modified selection.
6. Clipboard Event API
The Clipboard Event API allows you to override the default cut, copy and paste behavior of the user agent.
Access to the clipboard is performed using the standard DataTransfer
methods to mutate the items
on a ClipboardEvent
's clipboardData
attribute.
One consequence of this is that these clipboard APIs can only
access clipboard data in the context of a ClipboardEvent
handler.
Note: If you need to access the clipboard outside of a clipboard event handler, see § 7 Asynchronous Clipboard API.
Note: The Clipboard Event APIs are synchronous, so they are limited in what they can do. Actions which are potentially blocking (like asking for permission or transcoding a image) are not supported by these APIs. See § 7 Asynchronous Clipboard API for a more powerful API that can support blocking or other time-consuming actions.
6.1. Overriding the copy event
To override the default copy
event behavior, a copy
event
handler must be added and this event handler must call preventDefault()
to cancel the event.
Canceling the event is required in order for the system clipboard to be
updated with the data in clipboardData
.
If the ClipboardEvent
is not canceled, then the data from the
current document selection will be copied instead.
// Overwrite what is being copied to the clipboard. document.addEventListener('copy', function(e) { // e.clipboardData is initially empty, but we can set it to the // data that we want copied onto the clipboard. e.clipboardData.setData('text/plain', 'Hello, world!'); e.clipboardData.setData('text/html', '<b>Hello, world!</b>'); // This is necessary to prevent the current document selection from // being written to the clipboard. e.preventDefault(); });
6.2. Overriding the cut event
To override the default cut
event behavior, a cut
event
handler must be added and this event handler must call preventDefault()
to cancel the event.
Canceling the event is required in order for the system clipboard to be
updated with the data in clipboardData
.
If the ClipboardEvent
is not canceled, then the data from the
current document selection will be copied instead.
Note that canceling the cut
event will also prevent the document from
being updated (i.e., the current selection will not be removed). The event
handler will need to manually update the document to remove the currently
selected text.
// Overwrite what is copied to the clipboard. document.addEventListener('cut', function(e) { // e.clipboardData is initially empty, but we can set it to the // data that we want copied onto the clipboard as part of the cut. // Write the data that we want copied onto the clipboard. e.clipboardData.setData('text/plain', 'Hello, world!'); e.clipboardData.setData('text/html', '<b>Hello, world!</b>'); // Since we will be canceling the cut operation, we need to manually // update the document to remove the currently selected text. deleteCurrentDocumentSelection(); // This is necessary to prevent the document selection from being // written to the clipboard. e.preventDefault(); });
6.3. Overriding the paste event
To override the default paste
event behavior, a paste
event
handler must be added and this event handler must call preventDefault()
to cancel the event.
Canceling the event is required so that the user agent does not update the document with data from the system clipboard.
Note that canceling the paste
event will also prevent the document from
being updated (i.e., nothing will be pasted into the document). The event
handler will need to manually paste the data into the document.
Also note that, when pasting, the drag data store mode flag is read-only, hence calling setData()
from a paste
event handler will not modify the data that is
inserted, and not modify the data on the clipboard.
// Overwrite what is being pasted onto the clipboard. document.addEventListener('paste', function(e) { // e.clipboardData contains the data that is about to be pasted. if (e.clipboardData.types.indexOf('text/html') > -1) { var oldData = e.clipboardData.getData('text/html'); var newData = '<b>Ha Ha!</b> ' + oldData; // Since we are canceling the paste operation, we need to manually // paste the data into the document. pasteClipboardData(newData); // This is necessary to prevent the default paste action. e.preventDefault(); } });
6.4. Mandatory data types
The implementation must recognise the native OS clipboard format description
for the following data types, to be able to populate the DataTransferItemList
with the correct description for paste events, and
set the correct data format on the OS clipboard in response to copy and cut
events.
6.4.1. Reading from the clipboard
These data types must be exposed by paste events if a corresponding native type exists on the clipboard:
-
text/plain
-
text/html
-
image/png
6.4.2. Writing to the clipboard
These data types must be placed on the clipboard with a corresponding
native type description if added to a DataTransfer
object during copy and cut events.
-
text/plain
-
text/html
-
image/png
Warning! The data types that untrusted scripts are allowed to write to the clipboard are limited as a security precaution. Untrusted scripts can attempt to exploit security vulnerabilities in local software by placing data known to trigger those vulnerabilities on the clipboard.
7. Asynchronous Clipboard API
7.1. Navigator Interface
partial interface Navigator { [SecureContext ,SameObject ]readonly attribute Clipboard ; };
clipboard
7.2. ClipboardItem Interface
typedef Promise <(DOMString or Blob )>; [
ClipboardItemData SecureContext ,Exposed =Window ]interface {
ClipboardItem constructor (record <DOMString ,ClipboardItemData >,
items optional ClipboardItemOptions = {});
options readonly attribute PresentationStyle presentationStyle ;readonly attribute FrozenArray <DOMString >types ;Promise <Blob >getType (DOMString ); };
type enum {
PresentationStyle ,
"unspecified" ,
"inline" };
"attachment" dictionary {
ClipboardItemOptions PresentationStyle = "unspecified"; };
presentationStyle
clipboardItem = new ClipboardItem([items, options])
-
Creates a new
ClipboardItem
object. items denote list of representations, each representation has a mime type and a Promise toBlob
orDOMString
corresponding to the mime type, options can be used to fill itsClipboardItemOptions
, as per the example below.const format1= 'text/plain' ; const promise_text_blob= Promise. resolve( new Blob([ 'hello' ], { type: format1})); const clipboardItemInput= new ClipboardItem( {[ format1] : promise_text_blob}, { presentationStyle: "unspecified" }); clipboardItem.getType(type)
- Returns a Promise to the
Blob
corresponding to the mime type type. clipboardItem.types
- Returns the list of mime types contained in the clipboard item object.
A clipboard item is conceptually data that the user has expressed a desire to make shareable by invoking a "cut" or "copy" command. A clipboard item serves two purposes. First, it allows a website to read data copied by a user to the system clipboard. Second, it allows a website to write data to the system clipboard.
For example, if a user copies a range of cells from a spreadsheet of a native application, it will result in one clipboard item. If a user copies a set of files from their desktop, that list of files will be represented by multiple clipboard items.
Some platforms may support having more than one clipboard item at a time on the clipboard, while other platforms replace the previous clipboard item with the new one.
A clipboard item has a list of representations, each representation with an associated mime type (a MIME type) and data (a ClipboardItemData
).
In the example where the user copies a range of cells from a spreadsheet, it may be represented as an image (image/png), an HTML table (text/html), or plain text (text/plain).
Each of these MIME types describe a different representation of the same clipboard item at different levels of fidelity and make the clipboard item more consumable by target applications during paste.
Making the range of cells available as an image will allow the user to paste the cells into a photo editing app, while the text/plain format can be used by text editor apps.
A clipboard item has a presentation style (a PresentationStyle
). It helps distinguish whether apps "pasting" a clipboard item should insert the contents of an appropriate representation inline at the point of paste or if it should be treated as an attachment.
Web apps that support pasting only a single clipboard item should use the first clipboard item.
write()
chooses the last clipboard item.
Web apps that support pasting more than one clipboard item could, for example, provide a user interface that previews the contents of each clipboard item and allow the user to choose which one to paste. Further, apps are expected to enumerate the MIME types of the clipboard item they are pasting and select the one best-suited for the app according to some app-specific algorithm. Alternatively, an app can present the user with options on how to paste a clipboard item, e.g. "paste as image" or "paste formatted text", etc.
A ClipboardItem
object has an associated clipboard item, which is a clipboard item.
A ClipboardItem
object has an associated types array, which is a FrozenArray
<DOMString
>.
To create a ClipboardItem
object, given a clipboard item clipboardItem and a Realm realm, run these steps:
-
Let clipboardItemObject be a new
ClipboardItem
with realm. -
Set clipboardItemObject’s clipboard item to clipboardItem.
The new ClipboardItem(items, options)
constructor steps are:
-
If items is empty, then throw a
TypeError
. -
If options is empty, then set options["presentationStyle"] = "unspecified".
-
Set this's clipboard item to a new clipboard item.
-
Set this's clipboard item's presentation style to options["
presentationStyle
"]. -
Let types be a list of
DOMString
. -
For each (key, value) in items:
-
Let mimeType be the result of parsing a MIME type given key.
-
If mimeType is failure, then throw a
TypeError
. -
If this's clipboard item's list of representations contains a representation whose MIME type is mimeType, then throw a
TypeError
. -
Let representation be a new representation.
-
Set representation’s MIME type to mimeType.
-
Set representation’s data to value.
-
Append representation to this's clipboard item's list of representations.
-
Let mimeTypeString be the result of serializing a MIME type with mimeType.
-
Add mimeTypeString to types.
-
-
Set this's types array to the result of running create a frozen array from types.
7.2.1. presentationStyle
The presentationStyle
getter steps are to return this's clipboard item's presentation style.
7.2.2. types
The types
getter steps are to return this's types array.
7.2.3. getType(type)
This method must run the below steps:
-
Let realm be this's relevant realm.
-
Let mimeType be the result of parsing a MIME type given type.
-
If mimeType is failure, then throw a
TypeError
. -
Let itemTypeList be this's clipboard item's list of representations.
-
Let p be a new promise in realm.
-
For each representation in itemTypeList:
-
If representation’s MIME type is mimeType, then:
-
Let representationDataPromise be the representation’s data.
-
React to representationDataPromise:
-
If representationDataPromise was fulfilled with value v, then:
-
If v is a
DOMString
, then follow the below steps:-
Let dataAsBytes be the result of UTF-8 encoding v.
-
Let blobData be a
Blob
created using dataAsBytes with itstype
set to mimeType, serialized. -
Resolve p with blobData.
-
-
If v is a
Blob
, then follow the below steps:-
Resolve p with v.
-
-
-
If representationDataPromise was rejected, then:
-
Reject p with
"NotFoundError"
DOMException
in realm.Web developers might be interested in the underlying rejection reason.
-
-
-
Return p.
-
-
-
Reject p with
"NotFoundError"
DOMException
in realm. -
Return p.
7.3. Clipboard Interface
typedef sequence <ClipboardItem >; [
ClipboardItems SecureContext ,Exposed =Window ]interface :
Clipboard EventTarget {Promise <ClipboardItems >read ();Promise <DOMString >readText ();Promise <undefined >write (ClipboardItems );
data Promise <undefined >writeText (DOMString ); };
data
Some methods of the Clipboard
interface take or return multiple ClipboardItem
objects. However, not all platforms support more than one clipboard item; on such platforms, the algorithms below will ignore any ClipboardItem
objects beyond the first one that are passed to write()
, and read()
and readText()
only get one clipboard item from the OS.
A clipboard items object is a sequence of clipboard items.
A web author needs to create a data which is an array of ClipboardItem
s in order to write content to system clipboard using the write(data)
method. read()
returns a Promise to clipboard items object that represents contents of system clipboard.
The clipboard task source is triggered in response to reading or writing of system clipboard data.
7.3.1. read()
Theread()
method must run these steps:
-
Let realm be this's relevant realm.
-
Let p be a new promise in realm.
-
Run the following steps in parallel:
-
Let r be the result of running check clipboard read permission.
-
If r is false, then:
-
Queue a global task on the permission task source, given realm’s global object, to reject p with
"NotAllowedError"
DOMException
in realm. -
Abort these steps.
-
-
Let data be a copy of the system clipboard data represented as clipboard items. For the MIME types defined in the mandatory data types list, data MAY be sanitized, but image/png format has unsanitized payload to preserve meta data.
Some OSs contain multiple clipboard (e.g. Linux, "primary", "secondary", "selection"). Define from which of those data is read.
Note: As further described in § 10.3 Transcoding images this explicitly does not transcode images. Rather the original unmodified image data should be exposed to the website.
-
Queue a global task on the clipboard task source, given realm’s global object, to perform the below steps:
-
Let items be a sequence<
ClipboardItem
>. -
For each clipboard item underlyingItem of data:
-
Let item be the result of running the steps of create a ClipboardItem object given underlyingItem and realm.
-
Append item to items.
-
-
Resolve p with items.
-
-
-
Return p.
const items= await navigator. clipboard. read(); const textBlob= await items[ 0 ]. getType( "text/plain" ); const text= await ( new Response( textBlob)). text();
7.3.2. readText()
ThereadText()
method must run these steps:
-
Let realm be this's relevant realm.
-
Let p be a new promise in realm.
-
Run the following steps in parallel:
-
Let r be the result of running check clipboard read permission.
-
If r is false, then:
-
Queue a global task on the permission task source, given realm’s global object, to reject p with
"NotAllowedError"
DOMException
in realm. -
Abort these steps.
-
-
Let data be a copy of the system clipboard data represented as clipboard items. For the MIME types defined in the mandatory data types list, data MAY contain the sanitized copy of text/plain format.
Some OSs contain multiple clipboard (e.g. Linux, "primary", "secondary", "selection"). Define from which of those data is read.
-
Queue a global task on the clipboard task source, given realm’s global object, to perform the below steps:
-
Let dataList be a sequence of clipboard items.
-
If data’s size is greater than 1, then add data[0] to dataList.
Reading multiple clipboard items should be fixed in https://github.com/w3c/clipboard-apis/issues/166.
-
Let itemTypeList be dataList’s clipboard item's list of representations.
-
For each representation in itemTypeList:
-
If representation’s MIME type essence is "text/plain", then:
-
Let representationDataPromise be the representation’s data.
-
React to representationDataPromise:
-
If representationDataPromise was fulfilled with value v, then:
-
If v is a
DOMString
, then follow the below steps:-
Resolve p with v.
-
-
If v is a
Blob
, then follow the below steps:-
Let string be the result of UTF-8 decoding v’s underlying byte sequence.
-
Resolve p with string.
-
-
-
If representationDataPromise was rejected, then:
-
Reject p with
"NotFoundError"
DOMException
in realm.
-
-
-
-
-
Reject p with
"NotFoundError"
DOMException
in realm. -
Return p.
-
-
navigator. clipboard. readText(). then( function ( data) { console. log( "Your string: " , data); });
7.3.3. write(data)
Thewrite(data)
method must run these steps:
-
Let realm be this's relevant realm.
-
Let p be a new promise in realm.
-
Run the following steps in parallel:
-
Let r be the result of running check clipboard write permission.
clipboard-write was removed in https://github.com/w3c/clipboard-apis/pull/164.
-
If r is false, then:
-
Queue a global task on the permission task source, given realm’s global object, to reject p with
"NotAllowedError"
DOMException
in realm. -
Abort these steps.
-
-
Queue a global task on the clipboard task source, given realm’s global object, to perform the below steps:
-
Let dataList be a sequence<
ClipboardItem
>. -
If data’s size is greater than 1, and the current operating system does not support multiple native clipboard items on the system clipboard, then add data[0] to dataList, else, set dataList to data.
when data contains multiple items and the operating system supports multiple native clipboard items, the current algorithm writes the items in sequence to the system clipboard instead of writing them collectively.
-
For each clipboardItem in dataList:
-
For each representation in clipboardItem’s clipboard item's list of representations:
-
Let representationDataPromise be the representation’s data.
-
React to representationDataPromise:
-
If representationDataPromise was fulfilled with value v, then:
-
If representationDataPromise was rejected, then:
-
Reject p with
"NotAllowedError"
DOMException
in realm. -
Abort these steps.
-
-
-
-
For each blob in itemList:
-
Let type be the blob’s
type
. -
If type is not in the mandatory data types list, then reject p with
"NotAllowedError"
DOMException
in realm and abort these steps. -
Let cleanItem be an optionally sanitized copy of blob.
-
If sanitization was attempted and was not successfully completed, then follow the below steps:
-
Reject p with
"NotAllowedError"
DOMException in realm. -
Abort these steps.
-
-
Append cleanItem to cleanItemList.
-
-
Let option be clipboardItem’s clipboard item's presentation style.
-
Write blobs and option to the clipboard with cleanItemList and option.
-
-
Resolve p.
-
-
Return p.
var data= [ new ClipboardItem({ "text/plain" : Promise. resolve( new Blob([ "Text data" ], { type: "text/plain" }) }))]; navigator. clipboard. write( data). then( function () { console. log( "Copied to clipboard successfully!" ); }, function () { console. error( "Unable to write to clipboard. :-(" ); });
7.3.4. writeText(data)
ThewriteText(data)
method must run these steps:
-
Let realm be this's relevant realm.
-
Let p be a new promise in realm.
-
Run the following steps in parallel:
-
Let r be the result of running check clipboard write permission.
clipboard-write was removed in https://github.com/w3c/clipboard-apis/pull/164.
-
If r is false, then:
-
Queue a global task on the permission task source, given realm’s global object, to reject p with
"NotAllowedError"
DOMException in realm. -
Abort these steps.
-
-
Queue a global task on the clipboard task source, given realm’s global object, to perform the below steps:
-
Let textBlob be a new
Blob
created with:type
attribute set to "text/plain;charset=utf-8
", and its underlying byte sequence set to the UTF-8 encoding of data.Note: On Windows replace `\n` characters with `\r\n` in data before creating textBlob.
-
Add textBlob to itemList.
-
Let option be set to "unspecified".
-
Write blobs and option to the clipboard with itemList and option.
-
Resolve p.
-
-
Return p.
await navigator. clipboard. writeText( "Howdy, partner!" );
8. Clipboard Actions
This section defines clipboard actions and the processing model for event dispatch.
Each clipboard action has two flags called script-triggered and script-may-access-clipboard.
The script-triggered flag is set if the action runs because
of a script, for example a document.execCommand()
call.
Future scripting APIs that interact with the clipboard should also use
these actions, and the script-triggered flag must be set
accordingly.
The script-may-access-clipboard flag is set as follows:
-
If action is copy or cut and the script thread is allowed to modify the clipboard, then
-
Set the action’s script-may-access-clipboard flag
-
-
If action is paste and the script thread is allowed to read from clipboard, then
-
Set the action’s script-may-access-clipboard flag.
-
8.1. The copy action
The copy action consists of the following steps:
-
If the script-triggered flag is set, then
-
If the script-may-access-clipboard flag is unset, then
-
Return false from the copy action, terminate this algorithm
-
-
-
Fire a clipboard event named
copy
-
If the event was not canceled, then
-
Copy the selected contents, if any, to the clipboard. Implementations should create alternate text/html and text/plain clipboard formats when content in a web page is selected.
-
-
Else, if the event was canceled, then
-
Call the write content to the clipboard algorithm, passing on the
DataTransferItemList
list items, a clear-was-called flag and a types-to-clear list.
-
-
Return true from the copy action
8.2. The cut action
The cut action consists of the following steps:
-
If the script-triggered flag is set, then
-
If the script-may-access-clipboard flag is unset, then
-
Return false from the cut action, terminate this algorithm
-
-
-
Fire a clipboard event named
cut
-
If the event was not canceled, then
-
If there is a selection in an editable context where cutting is enabled, then
-
Copy the selected contents, if any, to the clipboard. Implementations should create alternate text/html and text/plain clipboard formats when content in a web page is selected.
-
Remove the contents of the selection from the document and collapse the selection.
-
Queue tasks to fire any events that should fire due to the modification, see § 5.3 Integration with other scripts and events for details.
-
-
Else, if there is no selection or the context is not editable, then
-
Return false
-
-
-
Else, if the event was canceled, then
-
Call the write content to the clipboard algorithm, passing on the
DataTransferItemList
list items, a clear-was-called flag and a types-to-clear list.
-
-
Return true from the cut action
8.3. The paste action
For the paste action, the script-may-access-clipboard flag depends on an implementation-specific permission mechanism for determining what sites or apps may read from the clipboard. When a paste action is triggered by a script, the implementation must not make clipboard contents available without the user’s permission. If the permission has not already been granted, the permission prompt must include the hostname of the document associated with the script thread.
The paste action consists of the following steps:
-
If the script-triggered flag is set, then
-
If script-may-access-clipboard is unset, then
-
Return false from the paste action, terminate this algorithm
-
-
-
Fire a clipboard event named
paste
-
If the event was not canceled, then
-
If there is a selection or cursor in an editable context where pasting is enabled, then
-
Insert the most suitable content found on the clipboard, if any, into the context.
-
Queue tasks to fire any events that should fire due to the modification, see § 5.3 Integration with other scripts and events for details.
-
-
Else
-
Return false
-
-
-
Else, if the event was canceled
-
Return false
-
-
Return true from the action
9. Permissions API Integration
The [permissions] API provides a uniform way for websites to access powerful features like the clipboard. It allows websites to request permissions from users and query which permissions they have.
For the clipboard, one permission is defined: "clipboard-write"
Note: Clipboard permissions currently only apply to the Async Clipboard API. Future versions of this specification may be updated to apply this permission to other Clipboard interactions.
These clipboard permissions are powerful features permission-related algorithms and types are defined as follows:
- permission descriptor type
-
dictionary
:ClipboardPermissionDescriptor PermissionDescriptor {boolean
=allowWithoutGesture false ; };
There are 4 clipboard permissions:
-
{ name: "clipboard-write", allowWithoutGesture: false }
-
{ name: "clipboard-write", allowWithoutGesture: true }
With the following relationships:
-
{ "clipboard-write" + true }
is stronger than{ "clipboard-write" + false }
While user agents MUST support the ClipboardPermissionDescriptor
as described
in this specification, they, of course, retain complete control over the default
settings and how (or if) they are exposed to the user.
-
{ "clipboard-write" + false }
is exposed for user control -
{ "clipboard-write" + true }
is always denied
9.1. Clipboard read permission
9.1.1. check clipboard read permission
-
Let hasGesture be true if the relevant global object of this has transient activation, false otherwise.
-
If hasGesture then,
-
Return true if the current script is running as a result of user interaction with a "Paste" element created by the user agent or operating system.
-
-
Return false.
9.2. Clipboard write permission
9.2.1. check clipboard write permission
-
Let writeWithoutGesture be the permission state of the
{ name: "clipboard-write", allowWithoutGesture: true }
permission. -
If writeWithoutGesture is granted, then return true.
-
Let hasGesture be true if the relevant global object of this has transient activation, false otherwise.
-
If hasGesture then,
-
Let systemCopy be true if the current script is running as a result of user interaction with a "cut" or "copy" element created by the user agent or operating system.
-
If systemCopy is true, then return true.
-
Return the result of request permission to use the
{ name: "clipboard-write", allowWithoutGesture: false }
permission.Note: User agents may choose to request a stronger permission that will implicitly update this permission.
-
-
Return the result of request permission to use the
{ name: "clipboard-write", allowWithoutGesture: true }
permission.
10. Security Considerations
Enabling authors to change what is copied by a user, or to make an automated copy of something that was never selected and allowing unrestricted calls to paste information can raise various security concerns.
Some example scenarios include:
-
A user selects a link and copies it, but a different link is copied to the clipboard. The effect of this can range from an unexpected result on pasting to an attempted "phishing" attack.
-
(Self-XSS) Shell commands or executable script can be placed in the clipboard with the intent that the user will run the pasted content.
-
An image that is specially crafted to exploit bugs in the core OS image handling code can be written to the clipboard.
10.1. Pasting HTML and multi-part data
This section is non-normative.
There are certain security risks associated with pasting formatted or multi-part data.
-
The user might paste hidden data without realising it is there. This may happen if, for example, the markup includes <input type="hidden"> tags or HTML comments. Such hidden data might contain sensitive information.
-
The user might paste malicious JavaScript into a trusted page.
-
The implementation might grant scripts access to local files the user did not intend to expose.
To determine what policies to use, the factors we consider are:
-
The origin of the data being pasted
-
The origin of data sub-parts such as referenced images
-
The origin of the running script
This is an overview of the scenarios and the possible security policies:
Origin of data | Origin of script | Rules |
---|---|---|
Originates from online source | Same as data | Do not sanitize HTML. Do not access any local files. |
Different origin | Optionally sanitize content. Do not access any local files. | |
Originates from local application | Any | Do not sanitize HTML. Grant access to local files |
Some implementations mitigate the risks associated with pasting rich text by stripping potentially malicious content such as SCRIPT elements and javascript: links by default when pasting rich text, but allow a paste event handler to retrieve and process the original, un-sanitized data.
10.2. General security policies
The implementation must not download referenced online
resources, or expose their contents in the files
list
or DataTransferItemList
.
If the data on the clipboard is not from a local application, the implementation must not give access to any referenced local files. For example, if the data contains <img src="file://localhost/example.jpg"> but the data’s origin is an online resource, the implementation must not add an entry for example.jpg to the clipboardData.items list.
10.3. Transcoding images
To prevent malicious image data from being placed on the clipboard, the image data may be transcoded to produce a safe version of the image. This prevents websites from trying to exploit security vulnerabilities in other applications.
Implementations should not transcode images being read from the clipboard. Transcoding images can lose important metadata (such as the physical resolution of an image). This is also consistent with other methods in which images can be shared with a website (such as `<input type=file>`).
10.4. Nuisance considerations
Scripts may use the DataTransfer
API to annoy and confuse users by
altering the data on the system clipboard from copy and cut events. This
specification does not attempt to prevent such nuisances, though
implementations may add additional restrictions.
Implementations must handle scripts that try to place excessive amounts of data on the clipboard gracefully.
11. Privacy Considerations
Because these APIs provide access to the user’s clipboard data, there are serious privacy concerns due to the possibility that the clipboard will contain personally-identifiable information (PII) like names, addresses, or passwords.
In general, user agents must ensure that untrusted scripts do not get uncontrolled access to a user’s clipboard data through these APIs.
11.1. Privacy and the Clipboard Event API
The Clipboard Event API allows scripts running in the context of a clipboard event handler to access a copy of the system clipboard and potentially modify the data being written to the clipboard.
User agents should be aware of the following requirements with regards to securing the data accessed by the Clipboard Event API:
-
Objects implementing the
DataTransfer
interface to return clipboard data must not be available outside the ClipboardEvent event handler that the data is provided to. -
If a script stores a reference to an object implementing the
DataTransfer
interface to use from outside the ClipboardEvent event handler, all methods must be no-ops when called outside the expected context. -
Implementations must not let scripts create synthetic clipboard events to get access to real clipboard data (unless the user has configured it to do so).
Even though the Clipboard Event API is not covered by the Clipboard permission, user agents may choose to provide a method for the user to disable this API or to configure which sites are allowed to access it.
11.2. Privacy and the Asychronous Clipboard API
The Asynchronous Clipboard API is a powerful feature because it can allow access to the clipboard data from any script (access is not restricted to Clipboard Event handlers) and data can be accessed in the absence of a user provided gesture.
To help prevent abuse, this API must not be available unless the script is executing in the context of a document that has focus.
11.2.1. Privacy and Clipboard Permission
The Clipboard Permission gates access to this API, but user agents get to choose the permission defaults and which of these permission settings can be set by the user. For example, a user agent may choose to only allow access to the Asynchronous Clipboard API when a user gesture is present and always deny script requests for access without a gesture.
User agents may opt to have this permission automatically expire sometime after the user grants permission, for example, by having the permission expire:
-
After a set time from when the permission was first granted
-
After a set time from the user’s last visit to a site
-
When the user navigates away from the page
11.3. Other Privacy Concerns
If the user agent allows clipboard data to be read using document.execCommand("paste")
then the user agent must ensure that the user has explicitly allowed that access to take place.
12. Acknowledgements
This section is non-normative
The editors would like to acknowledge the contributions of the former editors who helped shepherd this specification through various meetings and mailing-list discussions to bring it to its current state.
-
Hallvord R. M. Steen
The editors would also like to acknowledge their intellectual debt to the documentation of Data Transfer functionalities from Microsoft [MICROSOFT-CLIP-OP] and earlier drafts of the [HTML5] specification. We are also grateful for the draft "safe copy and paste" from Paul Libbrecht (this draft is no longer available on the Web).
And finally, we would like to acknowledge the contributions made by the following:
Adam Barth, Shawn Carnell, Daniel Cheng, Daniel Dardailler, Domenic Denicola, Al Gilman, James Graham, James Greene, Ian Hickson, Darwin Huang, Lachlan Hunt, Philip Jägenstedt, Anne van Kesteren, Marijn Kruisselbrink, Aaron Leventhal, Jim Ley, Paul Libbrecht, "Martijn", Glenn Maynard, Chris Mills, ms2ger, Ryosuke Niwa, Robert O’Callahan, Dave Poehlman, "ROBO Design", Janina Sajka, Rich Schwerdtfeger, Jonas Sicking, Maciej Stachowiak, Mihai Sucan, Dmitry Titov, Ojan Vafai, Tarquin Wilton-Jones, Tom Wlodkowski, Bo Cupp, mbrodesser and Boris Zbarsky.
Appendix A: Algorithms
write content to the clipboard
- Input
-
items, a
DataTransferItemList
list of items to writeclear-was-called, a boolean
types-to-clear, a list
- Output
-
None
-
If the items list is not empty, then
-
Clear the clipboard
-
For each part in the list,
-
If data type is text/plain, then
-
Ensure encoding is correct per OS and locale conventions
-
Normalize line endings according to platform conventions
-
Place text on clipboard with the appropriate OS clipboard format description
-
-
Else, if data is of a type listed in the mandatory data types list, then
-
Place part on clipboard with the appropriate OS clipboard format description
-
-
Else
-
This is left to the implementation...
It’s not good to leave things up to the implementation. What should happen here?
Note: Due to limitations in the implementation of operating system clipboards, scripts should not assume that custom formats will be available to other applications on the system. For example, there is a limit to how many custom clipboard formats can be registered in Microsoft Windows. While it is possible to use any string for setData()’s type argument, sticking to the mandatory data types is strongly recommended.
-
-
-
-
Else, the items list is empty. Follow these steps to determine whether to clear the clipboard:
-
If the list of items is empty and the clear-was-called flag is true, then
-
If the types-to-clear list is empty, then
-
Clear the clipboard
-
-
Else
-
-
write blobs and option to the clipboard
- Input
-
presentationStyle, a clipboard item's presentation style
- Output
-
None
-
For each item in items:
-
Let formatString be the result of running os specific well-known format given item’s
type
. -
If formatString is empty then abort these steps.
-
Let payload be the result of UTF-8 decoding item’s underlying byte sequence.
-
Insert payload and presentationStyle into the system clipboard using formatString as the native clipboard format.
some OSs contain multiple clipboard (e.g. Linux, "primary", "secondary", "selection"). Define to which of those data is written.
-
os specific well-known format
- Input
-
mimeType, a
type
- Output
-
wellKnownFormat, a platform specific string type. On Mac it’s NSPasteboardType, on Windows it’s LPCWSTR and Linux it’s a const char*.
For Windows see https://docs.microsoft.com/en-us/windows/win32/dataxchg/standard-clipboard-formats and https://docs.microsoft.com/en-us/windows/win32/dataxchg/about-atom-tables?redirectedfrom=MSDN For Mac see https://developer.apple.com/documentation/appkit/nspasteboardtype
-
Let wellKnownFormat be a string.
-
If mimeType’s essence is "text/plain", then
On Windows, follow the convention described below:
-
Assign CF_UNICODETEXT to wellKnownFormat.
-
Return wellKnownFormat.
On MacOS, follow the convention described below:
-
Assign NSPasteboardTypeString to wellKnownFormat.
-
Return wellKnownFormat.
On Linux, ChromeOS, and Android, follow the convention described below:
-
Assign "text/plain" to wellKnownFormat.
-
Return wellKnownFormat.
-
-
Else, if mimeType’s essence is "text/html", then
On Windows, follow the convention described below:
-
Assign CF_HTML to wellKnownFormat.
-
Return wellKnownFormat.
On MacOS, follow the convention described below:
-
Assign NSHTMLPboardType to wellKnownFormat.
-
Return wellKnownFormat.
On Linux, ChromeOS, and Android, follow the convention described below:
-
Assign "text/html" to wellKnownFormat.
-
Return wellKnownFormat.
-
-
Else, if mimeType’s essence is "image/png", then
On Windows, follow the convention described below:
-
Assign "PNG" to wellKnownFormat.
-
Return wellKnownFormat.
On MacOS, follow the convention described below:
-
Assign NSPasteboardTypePNG to wellKnownFormat.
-
Return wellKnownFormat.
On Linux, ChromeOS, and Android, follow the convention described below:
-
Assign "image/png" to wellKnownFormat.
-
Return wellKnownFormat.
-
-
Else
-
This is left to the implementation...
It’s not good to leave things up to the implementation. What should happen here?
Note: Due to limitations in the implementation of operating system clipboards, scripts should not assume that custom formats will be available to other applications on the system. For example, there is a limit to how many custom clipboard formats can be registered in Microsoft Windows. While it is possible to use any string for setData()’s type argument, sticking to the mandatory data types is strongly recommended.
-
fire a clipboard event
- Input
-
e, the
ClipboardEvent
to fire - Output
-
None
-
Let clear-was-called be false
-
Let types-to-clear be an empty list
-
Let clipboard-event-data be a new
DataTransfer
object with an emptyitems
list. -
Let clipboard-entry be the sequence number of the current clipboard content, or null if the OS clipboard does not support sequence numbers
-
Let trusted be true if the event is generated by the user agent, false otherwise
-
Let target be set as follows:
-
If the context is editable, then
-
Set target to be the element that contains the start of the visible selection or cursor in document order, or the body element if there is no visible selection or cursor.
-
-
Else, if the context is not editable, then
-
Set target to the focused node, or the body element if no node has focus.
-
-
-
Process the event as follows:
-
If e is "paste", then
-
Set the clipboard-event-data’s internal drag data store mode flag to read-only.
-
If trusted is true, or the implementation is configured to give script-generated events read access to the OS clipboard
-
For each clipboard-part on the OS clipboard, carry out these steps:
-
If clipboard-part contains plain text, then
-
Ensure the text is in the encoding the scripting engine uses internally
-
Let new-data be a new
DataTransferItem
with drag data item kind set to string and drag data item type string set to text/plain. -
Set new-data’s data to the plain text.
-
Add new-data to clipboard-event-data’s
items
-
-
If clipboard-part represents file references, then for each file reference:
-
Determine MIME type of referenced file
-
Let new-data be a new
DataTransferItem
with drag data item kind set to file and drag data item type string set to the corresponding MIME type, orapplication/octet-stream
if the file’s type is unknown. -
Set new-data’s data to the file reference data.
-
Add new-data to clipboard-event-data’s
items
-
-
If clipboard-part contains HTML- or XHTML-formatted text, according to the operating system’s convention for describing such clipboard formats, then
-
If the implementation supports pasting HTML, then the implementation must process the markup by calling process an html paste event with clipboard-part and clipboard-event-data.
-
-
If clipboard-part contains data in another supported binary or text-based format (see mandatory data types), then
-
Determine the MIME type of the data
-
Let new-data be a new
DataTransferItem
with drag data item kind set to file, drag data item type string set to the corresponding MIME type -
Set new-data’s data to be the binary or text-based data.
-
Add new-data to clipboard-event-data’s
items
-
-
-
-
Update clipboard-event-data’s
files
property to match entries in clipboard-event-data’sitems
. -
Update clipboard-event-data’s
types
property to match entries in clipboard-event-data’sitems
.
-
-
If e is "copy" or "cut", then
-
Set the associated
DataTransfer
object’s internal drag data store mode flag to read/write
-
-
-
Set e’s
clipboardData
to clipboard-event-data. -
Set e’s
isTrusted
to trusted. -
Set e’s
composed
to true. -
Dispatch the event e which bubbles and is cancelable, and which uses the
ClipboardEvent
interface, at target.Implementation requirements for access to data during event dispatch are defined in [HTML]. Some additional clipboard event-specific processing rules are given below:
Why here? Why not in the HTML spec?
-
If a script calls clearData() or
clear()
and theDataTransfer
object’s internal drag data store mode flag is read/write, then-
Set the clear-was-called flag to true. If an argument is given, add the argument to the types-to-clear list.
-
-
If a script calls setData() or modifies items and the clear-was-called flag is true, then
-
If the types-to-clear list is empty, then
-
Set the clear-was-called flag to false, then
-
-
Else, if setData()’s
type
argument or the new item’s drag data item type string is found in the types-to-clear list, then-
Remove it from the list. If the list is now empty, set the clear-was-called flag to false.
-
-
-
If a script calls getData() or accesses items in the
DataTransferItemList
and clipboard-entry is set, then-
Check that the clipboard data’s sequence number matches clipboard-entry. If the clipboard no longer contains the same entry, set the
DataTransferItemList
object’s internal drag data store mode to protected.
-
Warning! A malicious script listening to a paste event may set up a never-ending loop in order to read what the user places on the clipboard in the future. On platforms where a clipboard sequence number is not available, other limitations should be implemented.
-
process an HTML paste event
- Input
-
clipboard-part, the clipboard part to process
clipboard-event-data, the
DataTransfer
object for this event - Output
-
None
-
Let new-data be a new
DataTransferItem
with drag data item kind set to Plain Unicode string, drag data item type string set to text/html or application/xhtml+xml accordingly. -
Extract the markup from clipboard-part and use the relevant parser to construct a DOM tree.
-
If the markup’s source URL is known, then resolve all relative URLs in HREF and SRC attributes using the source URL as base URL, and set the respective attributes to the resolved absolute URL.
-
If the markup’s origin is from a local application, then check whether there are references to local files and/or other parts of the OS clipboard’s contents. If such references are found, references to sub-parts must be replaced by content-id references using the cid: URL scheme [RFC2392]. To do so, process each attribute referencing a local file or clipboard part according to the following steps:
Are these steps necessary? Do we know about native (platform) clipboard implementations that support multiple parts with internal references?
This feature is at risk because it’s unclear whether it is required, and because it’s hard to test in a cross-platform way.
-
If clipboard-event-data’s
items
already contains an entry for the referenced file or clipboard part, then-
Set itemNumber to the index of the existing entry.
-
-
Else,
-
Let new-file-data be a new
DataTransferItem
with drag data item kind set to "file", and drag data item type string set to the MIME type of the file or clipboard part if known, orapplication/octet-stream
if the file’s type is unknown. -
Let file-info be a new
File
object withname
set to the name part of the HTML attribute contents, andlastModified
set to the timestamp of the referenced file or 0 if the entry references a clipboard part. -
Set new-file-data’s internal
File
object to file-info. -
Add new-file-data to clipboard-event-data’s
items
and let itemNumber be the index of this entry in theDataTransferItemList
.
-
-
Update the DOM attribute that referenced the local file or clipboard part to contain the string 'cid:' followed by itemNumber.
-
-
Serialize the processed DOM and update new-data with the resulting HTML code.
-
Add new-data to clipboard-event-data’s
items
.