Help! Website able to detect my copying and pasting
9 posts
• Page 1 of 1
I visited an online shop selling PC monitors. I wanted to find reviews of the monitor, so I selected the monitor's name and hit Ctrl+C. When I did so, a popup appeared suggesting that the site somehow knows what key I pressed!
This seems like a gross violation of my privacy. What is going on here? Surely we can all agree that it should be impossible for a web page to know if the user is selecting and copying text. I am becoming increasingly worried about online privacy. I recently visited a site which told me that it had put something into my copy buffer. That totally freaked me out. Sites simply should not be able to do that. The copy buffer is a private feature of my computer. Giving websites access to it is a gross violation of privacy. ![]() Moving to MozillaZine Tech as this is not a Firefox issue.
The pcworld page uses a copy listener. It's no big deal.
Copy listener http://www.w3schools.com/jsref/event_oncopy.asp I believe a page needs a user invoked action to copy text to the clipboard. Copy text to clipboard http://www.w3schools.com/howto/howto_js_copy_clipboard.asp More info http://stackoverflow.com/questions/51528733
It seems like a big deal to me. Why should websites be allowed to spy on what we do while we're reading the page? Is there any way to block/disable this kind of thing? I've just been doing some reading and discovered that it's also possible for add-ons to interact with the clipboard too. I find this very disturbing. The clipboard is private. It contains what I want it to contain. Websites and add-ons have no business messing with it. There are no legitimate reasons for anyone to read or alter my copy buffer. No good can come of it, other than prying into other people's business.
Is there any way to completely prevent all sites and add-ons from interacting with my clipboard? Try these:
* set the dom.allow_cut_copy pref to false (default does not exist) * set the dom.event.clipboardevents.enabled pref to false (default true) Using about:config http://kb.mozillazine.org/About:config More info http://github.com/pyllyukko/user.js/issues/287
THANK YOU! This is exactly what I wanted! ![]() But I still don't understand why both these prefs are "true" by default, and one of them is hidden!? Why would anyone want to allow websites to mess with their copy buffer? What good could come from it other than invasion of privacy? Isn't Firefox supposed to be for the more privacy-conscious user? If every website you visit can freely read everything in your buffer (including passwords, personal information, and explicit photos) then surely there should be a big button in the options to turn this "feature" off? I see that this was raised on Bugzilla but no one has done anything about it yet: https://bugzilla.mozilla.org/show_bug.cgi?id=1275246 While I'm here, another clipboard issue that concerns me is that sometimes I copy and paste text in websites, and the text which appears will have formatting (e.g. bold, large text). Can anyone explain how this is happening, and what can be done to prevent it? When I paste the text into a text editor, there doesn't seem to be any formatting information, so where is the formatting information coming from?
This is obviously not how copying and pasting is supposed to work. People don't want secret information hiding in their copy buffer.
There is no api by which a website can read the clipboard without explicit user interaction. It would only be possible with a browser exploit. What protections exist on operating system clipboards? http://security.stackexchange.com/questions/184857
9 posts
• Page 1 of 1
Return to Web Development / Standards Evangelism Who is onlineUsers browsing this forum: No registered users and 3 guests |
![]() |