We should allow copy to clipboard via JavaScript without security restrictions

RESOLVED DUPLICATE of bug 239481

Status

()

Core
Security: CAPS
RESOLVED DUPLICATE of bug 239481
11 years ago
11 years ago

People

(Reporter: mkaply, Assigned: dveditz)

Tracking

Trunk
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
Currently we disallow cut, copy and paste from Javascript for security reasons.

It makes sense for paste but It doesn't make sense for cut or copy.

Here's some text from Macromedia:

http://livedocs.macromedia.com/labs/as3preview/docs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00000166.html

The System.setClipboard() method allows a SWF file to replace the contents of the Clipboard with a plain-text string of characters. This poses no security risk. To protect against the risk posed by passwords and other sensitive data being cut or copied to Clipboards, there is no corresponding "getClipboard" (read) method.


So as of today, you can use Flash to copy stuff to the clipboard anyway completing avoiding any security Mozilla/Firefox has anyway.

So we should simple allow at least copying.
Summary: We should allow copy via Javascript without security restrictions → We should allow copy via JavaScript without security restrictions

Comment 1

11 years ago
It's disallowed for a reason: when I paste into a command prompt or IRC client, I shouldn't have to worry that some web site I have open might have put malicious code in my clipboard.  If Flash allows that, I consider that a severe security hole in Flash.

-> wontfix / dup of bug 239481.

*** This bug has been marked as a duplicate of 239481 ***
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Summary: We should allow copy via JavaScript without security restrictions → We should allow copy to clipboard via JavaScript without security restrictions

Comment 2

11 years ago
I think I got the attention of some Macromedia people:
http://blog.washingtonpost.com/securityfix/2006/12/clipboard_data_theft_optional.html
http://weblogs.macromedia.com/jd/archives/2006/12/ie_clipboard_ex.cfm
You need to log in before you can comment on or make changes to this bug.