> Interestingly, copying content to the clipboard is open as in, there is no nee...

esperent · on Sept 2, 2020

Given that this says copying to the clipboard, not reading from it, I'm curious, why would you want to block it? The worst a website could do it mildly irritate you by copying junk to your clipboard.

leokennis · on Sept 2, 2020

Like jacobush mentions: copy some shell code to clipboard, tell unknowing user to open terminal and do CMD+V and enter.

Or indeed, put some malware site on my clipboard.

Either way, it’s my clipboard and no website should be able to change it without my permission.

teichmann · on Sept 2, 2020

I don't know about other browsers, but Webkit/Safari only allows writing to the clipboard when triggered by a user interaction.

Copied from https://webkit.org/blog/10855/async-clipboard-api/:

"The request to write to the clipboard must be triggered during a user gesture. A call to clipboard.write or clipboard.writeText outside the scope of a user gesture (such as click or touch event handlers) will result in the immediate rejection of the promise returned by the API call."

leokennis · on Sept 2, 2020

That is reassuring to hear, thanks for digging that up

harshitaneja · on Sept 3, 2020

You don't need an API to do this. You can just use CSS. Try this example- https://thejh.net/misc/website-terminal-copy-paste

lioeters · on Sept 3, 2020

Once I copied a lone line of commands to run, from a code block on a website (a tutorial article). When I pasted it in the terminal, it contained a bunch of garbage like copyright, unrelated text, and new lines.

Thankfully it didn't run anything serious, but ever since then, I've been careful to paste things into an editor to make sure that the browser copied the exact text that I selected. I understand there are specific needs to programmatically copy things to the clipboard, but I'd consider it a risk/vulnerability open to abuse.

jacobush · on Sept 2, 2020

shell code?