The Async Clipboard API doesn't already restrict API use to top-level origins, but other potentially dangerous APIs like screen share do. Using a feature policy to restrict usage to top-level origins should help avoid potential permission/data leakages across origins.
Could we please add a Feature Policy to require the Clipboard API to only be accessible to top-level frames, at least unless the owning origin explicitly allows subframes to access this? (An extension from this could be only allowing the top-level origin to access this API, and not allowing sub-frames to access this at all). This change can likely use very similar text as in the screen share spec.
The Async Clipboard API doesn't already restrict API use to top-level origins, but other potentially dangerous APIs like screen share do. Using a feature policy to restrict usage to top-level origins should help avoid potential permission/data leakages across origins.
Could we please add a Feature Policy to require the Clipboard API to only be accessible to top-level frames, at least unless the owning origin explicitly allows subframes to access this? (An extension from this could be only allowing the top-level origin to access this API, and not allowing sub-frames to access this at all). This change can likely use very similar text as in the screen share spec.