Last Comment Bug 360950 - We should allow copy to clipboard via JavaScript without security restrictions
: We should allow copy to clipboard via JavaScript without security restrictions
Status: RESOLVED DUPLICATE of bug 239481
:
Product: Core
Classification: Components
Component: Security: CAPS (show other bugs)
: Trunk
: x86 Windows XP
: -- normal (vote)
: ---
Assigned To: Daniel Veditz [:dveditz]
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-16 11:41 PST by Mike Kaply [:mkaply] (Out June 27-July 5)
Modified: 2006-12-26 14:20 PST (History)
2 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Mike Kaply [:mkaply] (Out June 27-July 5) 2006-11-16 11:41:39 PST
Currently we disallow cut, copy and paste from Javascript for security reasons.

It makes sense for paste but It doesn't make sense for cut or copy.

Here's some text from Macromedia:

http://livedocs.macromedia.com/labs/as3preview/docs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00000166.html

The System.setClipboard() method allows a SWF file to replace the contents of the Clipboard with a plain-text string of characters. This poses no security risk. To protect against the risk posed by passwords and other sensitive data being cut or copied to Clipboards, there is no corresponding "getClipboard" (read) method.


So as of today, you can use Flash to copy stuff to the clipboard anyway completing avoiding any security Mozilla/Firefox has anyway.

So we should simple allow at least copying.
Comment 1 Jesse Ruderman 2006-11-17 20:50:10 PST
It's disallowed for a reason: when I paste into a command prompt or IRC client, I shouldn't have to worry that some web site I have open might have put malicious code in my clipboard.  If Flash allows that, I consider that a severe security hole in Flash.

-> wontfix / dup of bug 239481.

*** This bug has been marked as a duplicate of 239481 ***

Note You need to log in before you can comment on or make changes to this bug.