Pasting copied content into search engine bar via right-click triggers DLP analysis
Categories
(Firefox :: Data Loss Prevention, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr115 | --- | unaffected |
firefox126 | --- | unaffected |
firefox127 | --- | unaffected |
firefox128 | --- | verified |
People
(Reporter: bhidecuti, Unassigned)
References
(Blocks 2 open bugs)
Details
Attachments
(1 file)
709.99 KB,
video/mp4
|
Details |
Found in
- 128.0a1 (2024-05-27)
Affected versions
- 128.0a1 (2024-05-27)
Preconditions
- Download the DLP test assets from https://drive.google.com/file/d/1yjqVRuxdKV3WnO7D2wzMgDXBuYBxUgVw/view
- Create a distribution folder inside the Firefox folder and paste the policies-1.json to it and then rename it to policies.json
- Run the DLP agent in CMD using: .\content_analysis_sdk_agent.exe --user --toblock=.\d{3}-?\d{2}-?\d{4}. --towarn=.warn. --delays=10
Tested platforms
- Affected platforms: Windows 10/11
- Unaffected platforms:Ubuntu 22.04, macOS 12.6.6
Steps to reproduce
- Open up a document in an external program (for example Notepad) and type “123456789” into it and copy it (Ctrl+C)
- Open a new tab and paste the copied text into the search engine bar under the Firefox logo by using the right click -> Paste option
- Observe the behavior
Expected result
- The text shows up immediately, without being analyzed by DLP
Actual result
- “Scan in progress” dialog is displayed. The content is analyzed and blocked afterwards
Regression range
- This is not a regression as this is a new feature
Additional notes
- See the attached video
- The scan is triggered regardless of the pasted content
- Not reproducing if pasting the copied content using Ctrl + V
- Not reproducing when pasting the content in the URL address bar
Comment 1•1 month ago
|
||
This is going to be made moot for most users by bug 1886558. It is possible that an administrator may want to turn on DLP for (most) about: pages, so this could still be a problem for them, but is pretty low priority.
Updated•25 days ago
|
Verified as fixed on Firefox Nightly 128.0a1 (2024-06-06), using Windows 10/11. DLP analysis is no longer triggered when pasting copied content into search engine bar via right-click, when policies-2.json is used (bug 1886558 changed the default value for the browser.contentanalysis.allow_url_regex_list pref to exempt about:pages from DLP, so policies-2.json will enable DLP but will not alter the pref value, unlike policies-1.json).
Description
•