Website accessing clipboard or something else?

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
phil1246

Website accessing clipboard or something else?

Unread post by phil1246 » 2018-03-30, 21:42

Second try here first post attempt didnt work. Earlier today I copied a bit of text from a webpage and pasted it into a youtube search query. Later in the day at an unrelated website http://www.orlandosentinel.com/news/spa ... story.html I ran into the same bit of text I had earlier queried. A box in the page wouldnt close (possibly because javascript is disabled through noscript). I attempted to remove the box by selecting inspect element and deleting nodes. Underneath some of the deleted elements I found my earlier text query in a small blue box. Could it be that the website can retrieve from my clipboard?

Ez-waker

Re: Website accessing clipboard or something else?

Unread post by Ez-waker » 2018-03-31, 14:42

Possible. See: https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled

In your about:config, check the settings for: dom.event.clipboardevents.enabled

phil1246

Re: Website accessing clipboard or something else?

Unread post by phil1246 » 2018-04-01, 06:46

Set to true apparently :-( Guess it would be a bad idea to paste a password into a webpage then. So this is a setting whos primary purpose seems to be surveillance? I'm setting it to false will there be any repercussion?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35481
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Website accessing clipboard or something else?

Unread post by Moonchild » 2018-04-01, 12:09

For obvious reasons, websites can not use the paste functionality to grab things from the clipboard without user interaction.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

cimarronline

Re: Website accessing clipboard or something else?

Unread post by cimarronline » 2018-04-01, 12:49

I would guess it has to do with saved search/form history, rather than the clipboard. This can be turned off, in Preferences, under Privacy.

Lew Rockwell Fan

Re: Website accessing clipboard or something else?

Unread post by Lew Rockwell Fan » 2018-04-01, 20:09

cimarronline wrote:I would guess it has to do with saved search/form history, rather than the clipboard. This can be turned off, in Preferences, under Privacy.
That sounds right to me.
pale_moon_user wrote:In your about:config, check the settings for: dom.event.clipboardevents.enabled
Isn't that just for stuff on that particular page? Like letting example.com know you copied some text from their page or pasted something into an input box (like a password field for example) on their page?
phil1246 wrote:Set to true apparently :-( Guess it would be a bad idea to paste a password into a webpage then. So this is a setting whos primary purpose seems to be surveillance? I'm setting it to false will there be any repercussion?
Experiment should answer that. What have you found? I'm guessing maybe you will find it is no longer possible to paste into any kind of input field (like a reply field for example).

phil1246

Re: Website accessing clipboard or something else?

Unread post by phil1246 » 2018-04-02, 07:40

I'm not seeing anything different on my end. Copy paste seems to work just fine. I think this setting is feedback for the webmaster. I still dislike this though like I dislike my browser reporting my addons. I might be selfish but some websites are evil.

phil1246

Re: Website accessing clipboard or something else?

Unread post by phil1246 » 2018-04-02, 07:49

cimarronline wrote:
"I would guess it has to do with saved search/form history, rather than the clipboard. This can be turned off, in Preferences, under Privacy."

The only option I see for this is whether to delete this when I close the browser ie tools -> preferences -> privacy -> history ->settings
Am I looking in the wrong place?

Pelican
Fanatic
Fanatic
Posts: 220
Joined: 2018-02-23, 06:51

Re: Website accessing clipboard or something else?

Unread post by Pelican » 2018-04-02, 08:41

Admitted that there are privacy issues here, I don't see a threat to your computer.

If a browser is reporting what you copy-n-paste that could be a concern, especially when it is outside the process of a) requesting a page and b) the server delivering the HTML for that page. So you are suggesting that after delivering the page that the browser is then sending your keystrokes back to the server?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35481
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Website accessing clipboard or something else?

Unread post by Moonchild » 2018-04-02, 10:42

Everyone just calm down.
Inform yourself and don't jump to conclusions, please.

DOM clipboard events are used to, for example, have a button on a web page to place something on your clipboard (like a hash, url, etc.)

Clipboard operations initiated by you (Ctrl-C, Ctrl-V, Shift-Ins, using context menu, using edit menu, etc.) have nothing to do with DOM events, nor form history.

Web pages cannot access your clipboard content (to read from it) by design. As said in my previous (and apparently ignored) post. This would be a privacy and potential security issue if allowed. Without knowing the exact steps performed and exactly where you see the query, it's not possible to know why the search query ended up in the element inspector, but be aware that devtools is not page content and has more powers to access the clipboard (including accessing its content).
Last edited by Moonchild on 2018-04-02, 15:18, edited 1 time in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

cimarronline

Re: Website accessing clipboard or something else?

Unread post by cimarronline » 2018-04-02, 12:45

phil1246 wrote:The only option I see for this is whether to delete this when I close the browser ie tools -> preferences -> privacy -> history ->settings
Am I looking in the wrong place?
Preferences > Privacy, under History tab, untick "Remember search and form history"
Last edited by cimarronline on 2018-04-02, 12:45, edited 1 time in total.

phil1246

Re: Website accessing clipboard or something else?

Unread post by phil1246 » 2018-04-02, 18:56

WilliamK wrote:Admitted that there are privacy issues here, I don't see a threat to your computer.
So you are suggesting that after delivering the page that the browser is then sending your keystrokes back to the server?
No I'm suggesting that something I previously copied and pasted is somehow being transmitted to an unrelated website. It may be the result of copy/paste or it may be the result of searching youtube. I don't understand the underlying mechanism and I wish I had documented this better as I'm not having success replicating it. The only risk is that you copy and paste some sensitive personal information and some site collects and does something nefarious with it.

Fedor2

Re: Website accessing clipboard or something else?

Unread post by Fedor2 » 2018-04-03, 03:30

Of course you can paste to the site which can collect, but what is the problem? As been said site cant do it on its own, only you. Be careful, do not paste sensitive things to anywhere.

Ez-waker

Re: Website accessing clipboard or something else?

Unread post by Ez-waker » 2018-04-03, 04:21

phil1246 wrote:No I'm suggesting that something I previously copied and pasted is somehow being transmitted to an unrelated website.
If I understand you correctly, that is almost definitely not what's happening. As Moonchild has said:
Moonchild wrote:DOM clipboard events are used to, for example, have a button on a web page to place something on your clipboard (like a hash, url, etc.)

[...]

Clipboard operations initiated by you (Ctrl-C, Ctrl-V, Shift-Ins, using context menu, using edit menu, etc.) have nothing to do with DOM events, nor form history.

Web pages cannot access your clipboard content (to read from it) by design. As said in my previous (and apparently ignored) post. This would be a privacy and potential security issue if allowed. Without knowing the exact steps performed and exactly where you see the query, it's not possible to know why the search query ended up in the element inspector, but be aware that devtools is not page content and has more powers to access the clipboard (including accessing its content).

Locked