Closed
Bug 360950
Opened 18 years ago
Closed 18 years ago
We should allow copy to clipboard via JavaScript without security restrictions
Categories
(Core :: Security: CAPS, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 239481
People
(Reporter: mkaply, Assigned: dveditz)
Details
Currently we disallow cut, copy and paste from Javascript for security reasons. It makes sense for paste but It doesn't make sense for cut or copy. Here's some text from Macromedia: http://livedocs.macromedia.com/labs/as3preview/docs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00000166.html The System.setClipboard() method allows a SWF file to replace the contents of the Clipboard with a plain-text string of characters. This poses no security risk. To protect against the risk posed by passwords and other sensitive data being cut or copied to Clipboards, there is no corresponding "getClipboard" (read) method. So as of today, you can use Flash to copy stuff to the clipboard anyway completing avoiding any security Mozilla/Firefox has anyway. So we should simple allow at least copying.
Updated•18 years ago
|
Summary: We should allow copy via Javascript without security restrictions → We should allow copy via JavaScript without security restrictions
Comment 1•18 years ago
|
||
It's disallowed for a reason: when I paste into a command prompt or IRC client, I shouldn't have to worry that some web site I have open might have put malicious code in my clipboard. If Flash allows that, I consider that a severe security hole in Flash. -> wontfix / dup of bug 239481. *** This bug has been marked as a duplicate of 239481 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Summary: We should allow copy via JavaScript without security restrictions → We should allow copy to clipboard via JavaScript without security restrictions
Comment 2•18 years ago
|
||
I think I got the attention of some Macromedia people: http://blog.washingtonpost.com/securityfix/2006/12/clipboard_data_theft_optional.html http://weblogs.macromedia.com/jd/archives/2006/12/ie_clipboard_ex.cfm
You need to log in
before you can comment on or make changes to this bug.
Description
•