If this is old news then just ignore me.

I just found a "nice" piece of javascript that actually reads out the contents of my clipboard when I'm using IE...

Try it out for yourself:

http://oeh.network-electronics.com/~olegil/clipboard.html

It's safe, I'm not storing anything. But if you don't trust me, make sure not to have anything secret/sensitive in the copy/paste buffer. And you should of course not trust me. Using Opera, I get nothing. Using IE6 I get the last clipboard entry. I'm really not happy about this.

The php script which reads the form data from the javascript thingie prints out the HTML/javascript used for the excercise...

Luckily I use Opera most of the time, or I would feel a bit awkward right now. Not that I usually have much sensitive data in my clipboard, but you never know when you might have come across a website with a hidden clipboard extractor like this (it doesn't have to auto-submit, it could of course be a part of a login procedure or something, with SQL insert statements instead of prints in the PHP...).

_________________
This weeks pet peeve:
Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean.

@olegil

Doesn't seem to work with IBrowse, which is a good thing! I'll give AWeb a go in a mo...

_________________
After a decade away from the scene, I am back!

@amipal

Would be a bit strange if Amiga browsers were THAT compatible with IE

_________________
This weeks pet peeve:
Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean.

@olegil

Does not work with Firefox, but IE shows it all right .

_________________
Site admins are people too..pooff!

@olegil

Effing piece of sh**!

I'm sick and tired of hearing Microsoft apologists saying how Windows is so big and complex that's why there are the occasional security holes. Rubbish. This is clearly a "feature" deliberately added with absolutely no appreciation for basic security considerations.

Thankfully, it doesn't seem to work in Firefox, which is what any sane person should be using by now (or other alt browsers).

Hi @olegil

->"Try it out for yourself:

http://oeh.network-electronics.com/~olegil/clipboard.html

It's safe, I'm not storing anything. But if you don't trust me, make sure not
to have anything secret/sensitive in the copy/paste buffer....
________

I just checked with AWeb 3.5.7 and "Sorry, I don't have anything..."
Haha,...blitz...

_________________

Yup, it's non-standard, IE only. I was hoping it had been removed by now, but guess I hoped too much.

I'm ashamed to say I actually *shudder* had to write a script that used this when I was at my first job. I can't for the life of me remember why, but I do remember kicking up a fuss about it and then deciding it was less hassle to put it in than argue with management about "trivial" things like browser compatibility, privacy etc. I have sworn never to cross into the dark side ever again.

_________________
Snowboarder, Airsofter, Programmer, Writer and AmigaOne XE G4 owner.
Experienced applications developer and part-time snowboard instructor

@Laser

This is clearly a "feature" deliberately added with absolutely no appreciation for basic security considerations.

It might be.. But then again, IE can tell almost everything else about your system to the web developer so that it can read the clipboard out, well I'm not really suprised.

BTW, works on IE7 beta as well so no change there.

Hm.. This seems like a standard java or PHP function, so why doesn't it work in Firefox ? Can I get the PHP source ? (note I'm no PHP programmer... I'm just curious)

_________________
~
Everything you say will be misquoted and used against you..
~

@MetalJoe

Yup, it's non-standard, IE only.

It's not ? Ok, thanks.

_________________
~
Everything you say will be misquoted and used against you..
~

Doesn't get anything from Safari either.

@olegil



Love it! Love it, in a that-is-so-f**king-stupid-whatever-next sort of way.

I use Safari most of the time.

Mine said,

Quote:

, &srcRect, m_pScreen, &dstRect

_________________

@Seer

The PHP source is trivial. Just extract the value of the variable "content" as generated by the html form...

_________________
This weeks pet peeve:
Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean.

@Intuitioned

Hehe, obviously you have nothing to be ashamed of if you're writing GUI code


@thread
The reason I investigated this code is because it also managed to circumvent the "Block all popups" function in Opera. So I wanted to see how. I turned off everything and reloaded the page. Then I viewed the source. First thing that hit me was "hey, didn't that say _clipboard_? WTF?".

_________________
This weeks pet peeve:
Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean.

@olegil
Recently I was asked at my job if I could read an environment variable by a JavaScript. I said this is certainly not possible, because it would be a security risk and I was proved right by a bit of Googleing.
But this is even worse! Many people are copying passwords to the clipboard for not having to type them!
How stupid can the people at Microsoft be? Ok, they allowed scripts to be started by simply opening an email, which is even more stupid...
This company should be prohibited!

Alex.

_________________
Weighty message. You should to read.

@Laser


Quote:

I'm sick and tired of hearing Microsoft apologists saying how Windows is so big and complex that's why there are the occasional security holes. Rubbish. This is clearly a "feature" deliberately added with absolutely no appreciation for basic security considerations.

Features like this are logical enough when you consider what IE's sole purpose was for most of its life - a weapon to kill Netscape. The developer's main focus was simply to add as many features as possible in double-quick time, regardless of any side-effects, so that IE could do things Netscape Navigator couldn't, making it look like a better browser.

History records that this tactic worked brilliantly...

But now MS has to fix the pox-mess that is IE's code base in order to make it secure, while also out-featuring Mozilla/Firefox. I think they'd be better off scrapping it and building a new browser from scratch.

_________________
Who do you serve, and who do you trust? - Galen

@olegil
That's sweet

Thanks Olegil. I've been wanting to spend a few days figuring out just how much info can be gotten from browsers as 'playing around.' Nice to know MS has out best interests in mind there as always

FireFox, epiphany, and konqueror all come up with nada here, not surprisingly.

_________________
Are we not done with the same silly arguments and flames yet??!

@wegster

a good way to "steal" code from Microsoft... make a website with special interreset for Microsoft developers... and hope that they have a copy of most of their code in their clipboard And then it would even be their own fault

_________________
Best regards,
hnl_dk - Henning Nielsen Lund [Denmark]

Please send no PM to me, email me if you want to contact me. See you somewhere else.

@hnl_dk
Meh- M$ code not worth anything

_________________
Are we not done with the same silly arguments and flames yet??!

@wegster

Meh- M$ code not worth anything

Not even learning material ?






How not to do it...

Last edited by Seer on 19-Nov-2005 at 09:09 PM.

_________________
~
Everything you say will be misquoted and used against you..
~

@olegil
Hmm, this WOULD be a fun thing to publicize and then post to slashdot, now that I think of it

_________________
Are we not done with the same silly arguments and flames yet??!