ClipboardToFileInput
Giving the extension permission to read the clipboard also gives the website permission to read the clipboard
The first time the extension uses the navigator.clipboard.read method, Chromium will prompt the user to grant the website permission to read the clipboard, not just the extension. As months pass, users will inadvertently give a lot of websites permission to read the clipboard without prompt, not just the extension. After using the extension, a malicious website could silently mine the contents of the clipboard.
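A way to observe the origin-level grant described in the comment above, as an added example that is not part of the thread or the extension's code: it queries the `clipboard-read` permission for the current origin and reports when the state changes. The function names are hypothetical, and `permissions` is assumed to behave like `navigator.permissions` (for instance when run from the page's DevTools console).

```javascript
// Added example (not from the thread or the extension). Function names are
// hypothetical; `permissions` must behave like navigator.permissions.

// Resolve the clipboard-read PermissionStatus for the origin that owns
// `permissions`, or null where the engine rejects this permission name.
async function clipboardReadStatus(permissions) {
  try {
    return await permissions.query({ name: 'clipboard-read' });
  } catch (err) {
    return null;
  }
}

// Report every transition of the origin's clipboard-read state. A move to
// 'granted' means scripts on this origin can read the clipboard with no prompt.
async function watchClipboardGrant(permissions, report) {
  const status = await clipboardReadStatus(permissions);
  if (status === null) return 'unsupported';
  let previous = status.state; // 'granted' | 'prompt' | 'denied'
  status.onchange = () => {
    report({
      from: previous,
      to: status.state,
      silentReads: status.state === 'granted',
    });
    previous = status.state;
  };
  return previous;
}

// Browser usage: log the initial state, then warn on any change.
if (typeof navigator !== 'undefined' && navigator.permissions) {
  watchClipboardGrant(navigator.permissions, (t) =>
    console.warn('clipboard-read changed for', location.origin, t)
  ).then((initial) => console.log('clipboard-read initial state:', initial));
}
```

A site whose initial state is already `granted` has kept the permission from an earlier prompt.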
That is a fair point! I hadn't even considered that. Will look into alternatives/solutions, thanks for the heads up 😄
It took me a few days, but I do believe I managed to find a solution to this problem. It's hacky, but I think it both gets the job done and helps with user experience. Will work on cleaning it up over the next few days, thank you very much for bringing this to my attention! I'll leave this issue open just in case you have any further comments about it or any other security concerns you believe I should take a look at.
You may close this issue if you like, but here are a few more issues I'm seeing that you may want to address.
This extension doesn't handle disconnected inputs. This is a pattern used on Google websites. Here's a demo: https://codepen.io/david__c/pen/ExrGMNM
Additionally, the helper page doesn't always return to the original tab when it's done processing. It looks like a random tab is being switched to sometimes, which is not a good user experience.