Comment by mrguyorama
Comment by mrguyorama 10 months ago
Why can a website silently add stuff to my clipboard anyway? Firefox and Safari require "transient activation" to enable clipboard actions, which apparently only means you clicked your mouse (anywhere) or made a keystroke. What a brilliant security/permission strategy for such an important function, which can do things like expose your password, modify copied links, shuttle information across web page security and isolation boundaries etc
Chrome at least requires a prompt for reading clipboard contents, which is apparently "diverting from the specifications"!
Who came up with this? Why is every feature in web browsers and javascript built in the dumbest way possible? At least in Win32 when it says "you should only touch the clipboard on request from the user" they have the excuse that it was 1995 and there was very little information to muck with or steal on the average computer! Even then they still worked towards hardening the functionality.
Web browsers implemented this in 2018!
> Why can a website silently add stuff to my clipboard anyway?
It's copying content to the clipboard after the user clicks the "I'm not a robot" button. This is indistinguishable from the user clicking a "copy to clipboard" button on a web page, or clicking through an "edit > copy" menu - the only difference is user intent.