Pale Moon forum

Second try here first post attempt didnt work. Earlier today I copied a bit of text from a webpage and pasted it into a youtube search query. Later in the day at an unrelated website http://www.orlandosentinel.com/news/spa ... story.html I ran into the same bit of text I had earlier queried. A box in the page wouldnt close (possibly because javascript is disabled through noscript). I attempted to remove the box by selecting inspect element and deleting nodes. Underneath some of the deleted elements I found my earlier text query in a small blue box. Could it be that the website can retrieve from my clipboard?

Possible. See: https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled

In your about:config, check the settings for: dom.event.clipboardevents.enabled

Set to true apparently Guess it would be a bad idea to paste a password into a webpage then. So this is a setting whos primary purpose seems to be surveillance? I'm setting it to false will there be any repercussion?

For obvious reasons, websites can not use the paste functionality to grab things from the clipboard without user interaction.

I would guess it has to do with saved search/form history, rather than the clipboard. This can be turned off, in Preferences, under Privacy.

cimarronline wrote:I would guess it has to do with saved search/form history, rather than the clipboard. This can be turned off, in Preferences, under Privacy.

That sounds right to me.

pale_moon_user wrote:In your about:config, check the settings for: dom.event.clipboardevents.enabled

Isn't that just for stuff on that particular page? Like letting example.com know you copied some text from their page or pasted something into an input box (like a password field for example) on their page?

phil1246 wrote:Set to true apparently Guess it would be a bad idea to paste a password into a webpage then. So this is a setting whos primary purpose seems to be surveillance? I'm setting it to false will there be any repercussion?

Experiment should answer that. What have you found? I'm guessing maybe you will find it is no longer possible to paste into any kind of input field (like a reply field for example).

I'm not seeing anything different on my end. Copy paste seems to work just fine. I think this setting is feedback for the webmaster. I still dislike this though like I dislike my browser reporting my addons. I might be selfish but some websites are evil.

cimarronline wrote:
"I would guess it has to do with saved search/form history, rather than the clipboard. This can be turned off, in Preferences, under Privacy."

The only option I see for this is whether to delete this when I close the browser ie tools -> preferences -> privacy -> history ->settings
Am I looking in the wrong place?

Admitted that there are privacy issues here, I don't see a threat to your computer.

If a browser is reporting what you copy-n-paste that could be a concern, especially when it is outside the process of a) requesting a page and b) the server delivering the HTML for that page. So you are suggesting that after delivering the page that the browser is then sending your keystrokes back to the server?

Everyone just calm down.
Inform yourself and don't jump to conclusions, please.

DOM clipboard events are used to, for example, have a button on a web page to place something on your clipboard (like a hash, url, etc.)

Clipboard operations initiated by you (Ctrl-C, Ctrl-V, Shift-Ins, using context menu, using edit menu, etc.) have nothing to do with DOM events, nor form history.

Web pages cannot access your clipboard content (to read from it) by design. As said in my previous (and apparently ignored) post. This would be a privacy and potential security issue if allowed. Without knowing the exact steps performed and exactly where you see the query, it's not possible to know why the search query ended up in the element inspector, but be aware that devtools is not page content and has more powers to access the clipboard (including accessing its content).

phil1246 wrote:The only option I see for this is whether to delete this when I close the browser ie tools -> preferences -> privacy -> history ->settings
Am I looking in the wrong place?

Preferences > Privacy, under History tab, untick "Remember search and form history"

WilliamK wrote:Admitted that there are privacy issues here, I don't see a threat to your computer.
So you are suggesting that after delivering the page that the browser is then sending your keystrokes back to the server?

No I'm suggesting that something I previously copied and pasted is somehow being transmitted to an unrelated website. It may be the result of copy/paste or it may be the result of searching youtube. I don't understand the underlying mechanism and I wish I had documented this better as I'm not having success replicating it. The only risk is that you copy and paste some sensitive personal information and some site collects and does something nefarious with it.

Of course you can paste to the site which can collect, but what is the problem? As been said site cant do it on its own, only you. Be careful, do not paste sensitive things to anywhere.

phil1246 wrote:No I'm suggesting that something I previously copied and pasted is somehow being transmitted to an unrelated website.

If I understand you correctly, that is almost definitely not what's happening. As Moonchild has said:

Moonchild wrote:DOM clipboard events are used to, for example, have a button on a web page to place something on your clipboard (like a hash, url, etc.)

[...]

Clipboard operations initiated by you (Ctrl-C, Ctrl-V, Shift-Ins, using context menu, using edit menu, etc.) have nothing to do with DOM events, nor form history.

Web pages cannot access your clipboard content (to read from it) by design. As said in my previous (and apparently ignored) post. This would be a privacy and potential security issue if allowed. Without knowing the exact steps performed and exactly where you see the query, it's not possible to know why the search query ended up in the element inspector, but be aware that devtools is not page content and has more powers to access the clipboard (including accessing its content).