[Grand Dizzy]

I visited an online shop selling PC monitors. I wanted to find reviews of the monitor, so I selected the monitor's name and hit Ctrl+C. When I did so, a popup appeared suggesting that the site somehow knows what key I pressed!

This seems like a gross violation of my privacy. What is going on here? Surely we can all agree that it should be impossible for a web page to know if the user is selecting and copying text.

I am becoming increasingly worried about online privacy. I recently visited a site which told me that it had put something into my copy buffer. That totally freaked me out. Sites simply should not be able to do that. The copy buffer is a private feature of my computer. Giving websites access to it is a gross violation of privacy.

[DanRaisch]

Moving to MozillaZine Tech as this is not a Firefox issue.

[morat]

The pcworld page uses a copy listener. It's no big deal.

Copy listener
http://www.w3schools.com/jsref/event_oncopy.asp

I believe a page needs a user invoked action to copy text to the clipboard.

Copy text to clipboard
http://www.w3schools.com/howto/howto_js_copy_clipboard.asp

More info
http://stackoverflow.com/questions/51528733

[Grand Dizzy]

The pcworld page uses a copy listener. It's no big deal.

Copy listener
http://www.w3schools.com/jsref/event_oncopy.asp

It seems like a big deal to me. Why should websites be allowed to spy on what we do while we're reading the page? Is there any way to block/disable this kind of thing?

[Grand Dizzy]

I've just been doing some reading and discovered that it's also possible for add-ons to interact with the clipboard too. I find this very disturbing. The clipboard is private. It contains what I want it to contain. Websites and add-ons have no business messing with it. There are no legitimate reasons for anyone to read or alter my copy buffer. No good can come of it, other than prying into other people's business.

Is there any way to completely prevent all sites and add-ons from interacting with my clipboard?

[morat]

Try these:

* set the dom.allow_cut_copy pref to false (default does not exist)
* set the dom.event.clipboardevents.enabled pref to false (default true)

Using about:config
http://kb.mozillazine.org/About:config

More info
http://github.com/pyllyukko/user.js/issues/287

[Grand Dizzy]

Try these:

* set the dom.allow_cut_copy pref to false (default does not exist)
* set the dom.event.clipboardevents.enabled pref to false (default true)

THANK YOU! This is exactly what I wanted!

But I still don't understand why both these prefs are "true" by default, and one of them is hidden!? Why would anyone want to allow websites to mess with their copy buffer? What good could come from it other than invasion of privacy? Isn't Firefox supposed to be for the more privacy-conscious user? If every website you visit can freely read everything in your buffer (including passwords, personal information, and explicit photos) then surely there should be a big button in the options to turn this "feature" off?

I see that this was raised on Bugzilla but no one has done anything about it yet:
https://bugzilla.mozilla.org/show_bug.cgi?id=1275246

[Grand Dizzy]

While I'm here, another clipboard issue that concerns me is that sometimes I copy and paste text in websites, and the text which appears will have formatting (e.g. bold, large text). Can anyone explain how this is happening, and what can be done to prevent it? When I paste the text into a text editor, there doesn't seem to be any formatting information, so where is the formatting information coming from?

This is obviously not how copying and pasting is supposed to work. People don't want secret information hiding in their copy buffer.

[morat]

every website you visit can freely read everything in your buffer

There is no api by which a website can read the clipboard without explicit user interaction. It would only be possible with a browser exploit.

What protections exist on operating system clipboards?
http://security.stackexchange.com/questions/184857