How to read the clipboard from JavaScript
Microsoft Internet Explorer exposes the contents of the clipboard to JavaScript on websites. This is a bad thing.
Just another in the long string of examples how Microsoft, in an attempt to get developers on board and build the largest software empire in the world, has made everything easy for the developers, and totally disregarded security.
My personal opinion, as always, is Internet Explorer should never be used.
See, though, the clipboard is useful. If I click on a button that says “copy to clipboard” on a social media site, I want it to work!
Elliott C. Bäck
17 Mar 07 at 10:25 pm
Some user use clipboard to transfer some very important informations (such us password). this is bad think!
adnan
6 Apr 07 at 7:41 am
IE7 now prompts users that the webpage is trying to access the clipboard.
John
20 Jun 07 at 10:57 am
Recently i attended a talk by John C. Mitchell, Stanford University on Java Script Isolation and Web security. He mentioned out similar points and vulnurabilites in Facebook and other websites with advertisments on it.
But anyway, i guess all the updated browsers now prevent access to any such features.
Rizwan
5 May 09 at 11:54 am
Well, IE permits reading or even writing to the clipboards, with or without prompting you, depending on how you categorize your sites. So your controlled intranet software can have many good features using clipboard, and you are still protected. FF have a switch to enable clipboard access to javascript, but it is not selected by site, so it is really insecure. I didn’t think I would say that, but MS is much better for developers and for security in that matter.
Hjunior
5 Feb 10 at 4:04 pm