Closed Bug 360950 Opened 18 years ago Closed 18 years ago

We should allow copy to clipboard via JavaScript without security restrictions

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 239481

People

(Reporter: mkaply, Assigned: dveditz)

Details

Currently we disallow cut, copy and paste from Javascript for security reasons.

It makes sense for paste but It doesn't make sense for cut or copy.

Here's some text from Macromedia:

http://livedocs.macromedia.com/labs/as3preview/docs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00000166.html

The System.setClipboard() method allows a SWF file to replace the contents of the Clipboard with a plain-text string of characters. This poses no security risk. To protect against the risk posed by passwords and other sensitive data being cut or copied to Clipboards, there is no corresponding "getClipboard" (read) method.


So as of today, you can use Flash to copy stuff to the clipboard anyway completing avoiding any security Mozilla/Firefox has anyway.

So we should simple allow at least copying.
Summary: We should allow copy via Javascript without security restrictions → We should allow copy via JavaScript without security restrictions
It's disallowed for a reason: when I paste into a command prompt or IRC client, I shouldn't have to worry that some web site I have open might have put malicious code in my clipboard.  If Flash allows that, I consider that a severe security hole in Flash.

-> wontfix / dup of bug 239481.

*** This bug has been marked as a duplicate of 239481 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Summary: We should allow copy via JavaScript without security restrictions → We should allow copy to clipboard via JavaScript without security restrictions
You need to log in before you can comment on or make changes to this bug.