[Webkit-unassigned] [Bug 266569] New: The Webkit callout bar to paste content sometimes misses the "Paste" label

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 18 02:14:16 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=266569

            Bug ID: 266569
           Summary: The Webkit callout bar to paste content sometimes
                    misses the "Paste" label
           Product: WebKit
           Version: Safari 17
          Hardware: iPhone / iPad
                OS: iOS 17
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: georgianaa at adobe.com
                CC: wenson_hsieh at apple.com

Created attachment 469105

  --> https://bugs.webkit.org/attachment.cgi?id=469105&action=review

reproducing the issue in a isolated env

The Webkit callout bar asking user to provide their permission to paste content is sometimes missing the "Paste" label.

This issue does not reproduce consistently.

The Safari security criteria behind this callout bar are described here: https://webkit.org/blog/10855/async-clipboard-api/

"Since users may not always be aware that sensitive content has been copied to the pasteboard, restrictions on the ability to read are more strict than the restrictions on the ability to write. If a page attempts to programmatically read from the pasteboard outside of a user gesture, the promise will immediately reject. If the user is explicitly triggering a paste during the gesture (for instance, using a keyboard shortcut on macOS such as ⌘V or pasting using the “Paste” action on the callout bar on iOS), WebKit will allow the page to programmatically read the contents of the clipboard. Programmatic clipboard access is also automatically granted in the case where the contents of the system clipboard were written by a page with the same security origin. If neither of the above are true, WebKit will show platform-specific UI which the user may interact with to proceed with a paste. On iOS, this takes the form of a callout bar with a single option to paste; on macOS, it is a context menu item. Tapping or clicking anywhere in the page (or performing any other actions, such as switching tabs or hiding Safari) will cause the promise to be rejected; the page is granted programmatic access to the clipboard only if the user manually chooses to paste by interacting with the platform-specific UI."


The problem was reproduced on an iPhone simulator (iPhone 15/Safari 17) using this isolated jsbin environment: https://jsbin.com/yeputuxuvi/edit?output

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20231218/f80b6731/attachment-0001.htm>

More information about the webkit-unassigned mailing list