Can put editor compatible content into clipboard and bypass paste rules

What’s the bug you are facing?

When I copied content from editor, I noticed that it actually copied the HTML and add special attribute data-pm-slice to mark this content copied from editor.

Then I can programmatically put content with the same data-pm-slice attribute into the clipboard, then paste content to editor. It will not trigger extension paste rules, but will trigger parseHTML function.

Users can also do the same thing from the console panel in browser DevTool. So I need to write repetitive rules in parseHTML function to verify everything is right.

How can we reproduce the bug on our side?

Open DevTool Console Panel in Chrome and execute following codes:

function setClipboard(html) {
    const type = "text/html";
    const blob = new Blob([text], { type });
    const data = [new ClipboardItem({ [type]: blob })];
    navigator.clipboard.write(data).then(
        function () {
          console.log('success');
        },
        function (e) {
            console.log('failed', e);
        }
    );
}

setTimeout(() => setClipboard(`<meta charset='utf-8'><p data-pm-slice="">{{ your content }}</p>`), 3000)

Focus current window

Paste to editor

Can you provide a CodeSandbox?

No response

What did you expect to happen?

I expect only content actually copied from editor will bypass paste rules. And when user mock the content programmatically, it should not be recognized as content copied from editor.

I am not sure if this is an issue or not. But it cause complex verify logic in parseHTML function. Because this content might come from user in an unexpected way.

Anything to add? (optional)

No response

Did you update your dependencies?

• Yes, I’ve updated my dependencies to use the latest version of all packages.

Are you sponsoring us?

• Yes, I’m a sponsor. 💖