harriyott.com

Friday, January 21, 2005

JavaScript clipboard again

I've just tried it again at work with XP SP2, and it is enabled by default on my machine.

The difference between this and security holes, such as buffer overruns, is that this is actually a feature. Someone has taken the time to write the clipboardData.getData function into JavaScript, and the IE team spent time implementing it. I can only conclude that this was added when the browser war was full on, and any new feature that could be added was seen as an advantage. Security wasn't such a big deal to Microsoft back then.

I'd love to know when this was introduced, and what conversations were going round at the time. If anyone knows of anyone who knows, or knows of anyone who may know anyone who knows, please let me know.

2 Comments:

Wiebe Tijsma said...

Apparently since IE 5 (http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/objects/clipboarddata.asp).

I don't think it will be exploited that much, because it's random data. Everything you can gather with this method would need to be screened and used manually.

It could hurt, though: most of the time on my clipboard there are URLs or FTP and SQL connection strings.

January 26, 2005 12:09 PM

Simon said...

Thanks for the link. Very interesting.

January 26, 2005 3:41 PM  
