Closed Bug 1899305 Opened 1 month ago Closed 25 days ago

Pasting copied content into search engine bar via right-click triggers DLP analysis

Categories

(Firefox :: Data Loss Prevention, defect)

Product:
Firefox
Component:
Data Loss Prevention
Version:
Firefox 128
Platform:
Desktop
Windows
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox126 --- unaffected
firefox127 --- unaffected
firefox128 --- verified

People

(Reporter: bhidecuti, Unassigned)

References

(Blocks 2 open bugs)

Details

Attachments

(1 file)

Content being analyzed by DLP when using right click
709.99 KB, video/mp4
Details

Found in

  • 128.0a1 (2024-05-27)

Affected versions

  • 128.0a1 (2024-05-27)

Preconditions

  • Download the DLP test assets from https://drive.google.com/file/d/1yjqVRuxdKV3WnO7D2wzMgDXBuYBxUgVw/view
  • Create a distribution folder inside the Firefox folder and paste the policies-1.json to it and then rename it to policies.json
  • Run the DLP agent in CMD using: .\content_analysis_sdk_agent.exe --user --toblock=.\d{3}-?\d{2}-?\d{4}. --towarn=.warn. --delays=10

Tested platforms

  • Affected platforms: Windows 10/11
  • Unaffected platforms:Ubuntu 22.04, macOS 12.6.6

Steps to reproduce

  1. Open up a document in an external program (for example Notepad) and type “123456789” into it and copy it (Ctrl+C)
  2. Open a new tab and paste the copied text into the search engine bar under the Firefox logo by using the right click -> Paste option
  3. Observe the behavior

Expected result

  • The text shows up immediately, without being analyzed by DLP

Actual result

  • “Scan in progress” dialog is displayed. The content is analyzed and blocked afterwards

Regression range

  • This is not a regression as this is a new feature

Additional notes

  • See the attached video
  • The scan is triggered regardless of the pasted content
  • Not reproducing if pasting the copied content using Ctrl + V
  • Not reproducing when pasting the content in the URL address bar

This is going to be made moot for most users by bug 1886558. It is possible that an administrator may want to turn on DLP for (most) about: pages, so this could still be a problem for them, but is pretty low priority.

Status: NEW → RESOLVED
Closed: 25 days ago
Resolution: --- → FIXED

Verified as fixed on Firefox Nightly 128.0a1 (2024-06-06), using Windows 10/11. DLP analysis is no longer triggered when pasting copied content into search engine bar via right-click, when policies-2.json is used (bug 1886558 changed the default value for the browser.contentanalysis.allow_url_regex_list pref to exempt about:pages from DLP, so policies-2.json will enable DLP but will not alter the pref value, unlike policies-1.json).

Status: RESOLVED → VERIFIED
status-firefox128: affectedverified
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: