> something I put there from my website

No, I understood that this was your intention. I'm trying to explain that even if you have the best of intentions, there is a risk you introduce a bug where your website _doesn't_ put something on the clipboard, so then when your app tries to read it, it instead reads whatever unrelated data is on the top of the user's clipboard. And if your app tries to append this value to a URL, then you are effectively sending clipboard data to your server, i.e. risking worst case scenarios like user passwords showing up in your server logs.

You have no idea how my app works and are just assuming. You have no idea what you're taking about.

You might be missing that that is a huge threat.

If you can put arbitrary data on the clipboard from your website, and then read it in your app, without my interaction, that allows for a variety of potential exploits.

I just need a path for routing man. I’m not asking for a lot here. I don’t even want to use the pasteboard for this in the first place.

So you're popping the latest value from the user's clipboard, crossing your fingers and hoping that it's the value you just copied from your site (and that there are no bugs in your code or some intricacies of the user agent that caused that copy to fail), and then sending the value to your server by appending it to your URL. Surely you see the risk here?

No, I’m looking in the clipboard for a valid path in my app and routing to it found and discarding if not. All routing is local to the client app and nothing is sent to the server.

If we’re taking hundreds of thousands of clients and it works 99% of the time, then the risk of it not working in that 1% of cases is acceptable to our product team. Worst cast scenario is that it fails, the user tries again, and no clipboard is needed on the second attempt because universal links work now that app is installed.

This value in the clipboard might be something like: /path-to-experience?id=something