Persona is no longer an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 360950 - We should allow copy to clipboard via JavaScript without security restrictions
: We should allow copy to clipboard via JavaScript without security restrictions
Status: RESOLVED DUPLICATE of bug 239481
Product: Core
Classification: Components
Component: Security: CAPS (show other bugs)
: Trunk
: x86 Windows XP
: -- normal (vote)
: ---
Assigned To: Daniel Veditz [:dveditz]
: Selena Deckelmann :selenamarie :selena use ni?
Depends on:
  Show dependency treegraph
Reported: 2006-11-16 11:41 PST by Mike Kaply [:mkaply]
Modified: 2006-12-26 14:20 PST (History)
2 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description Mike Kaply [:mkaply] 2006-11-16 11:41:39 PST
Currently we disallow cut, copy and paste from Javascript for security reasons.

It makes sense for paste but It doesn't make sense for cut or copy.

Here's some text from Macromedia:

The System.setClipboard() method allows a SWF file to replace the contents of the Clipboard with a plain-text string of characters. This poses no security risk. To protect against the risk posed by passwords and other sensitive data being cut or copied to Clipboards, there is no corresponding "getClipboard" (read) method.

So as of today, you can use Flash to copy stuff to the clipboard anyway completing avoiding any security Mozilla/Firefox has anyway.

So we should simple allow at least copying.
Comment 1 Jesse Ruderman 2006-11-17 20:50:10 PST
It's disallowed for a reason: when I paste into a command prompt or IRC client, I shouldn't have to worry that some web site I have open might have put malicious code in my clipboard.  If Flash allows that, I consider that a severe security hole in Flash.

-> wontfix / dup of bug 239481.

*** This bug has been marked as a duplicate of 239481 ***

Note You need to log in before you can comment on or make changes to this bug.