Home > Blogs > bruce

Grabbing the contents of your clipboard

Posted: Thursday, January 20, 2005 9:17 AM by bruce
Filed under: ,

Want to see something that's a little freaky?  Check out this post. Apparently you can grab the current contents of a user's clipboard through Javascript running in a browser.  While this probably isn't as much a security issue as some might think (after all, there really is no context for the data that is retrieved), it is interesting that it's even possible.  Thanks to Blair for the heads up.

Comments

  • bruce January 20, 2005 1:09 PM

    As pointed out on an entry from Jaime Cansdale's blog - http://weblogs.asp.net/nunitaddin/archive/2005/01/20/357121.aspx#357156 - you can disable this behavior through a security zone setting in IE. (Also, the exploit is an IE-only thing, FireFox is not vulnerable...)

  • bruce January 20, 2005 3:15 PM

    I wish IE would tighten down default settings for the Internet zone, though...

  • bruce January 20, 2005 3:47 PM

    Indeed. When you consider that a number of security bulletins going back as far as 2002 included recommending that 'allow paste operations via script' be set to Disabled, it's surprising that it SP2 doesn't include it.

Leave a Comment

(required) 
(optional)
(required) 

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Save up to $500 during ObjectSharp's Summer Seat Sale - Click here to learn more!

Recent Posts

Tag Cloud

Connections

ObjectSharp Blogs

Other Blogs I Read

Profiles

Recent Articles