473,287 Members | 3,253 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,287 software developers and data experts.

FireFox 1.5 & clipboard access & controlling insert/overwrite mode

PMA
Hi all,

I am porting a web application from IE 6.0 to FireFox 1.5. I have
solved almost all compatibility issues (quite a lot but not too bad)
except two of them :

1) Clipboard access thru' JavaScript (programmatical copy and
paste actions)
2) Monitoring and driving Insert/Overwrite mode on input fields

Any help appreciated.

Philippe

Apr 13 '06 #1
12 6113
PMA said the following on 4/13/2006 6:04 AM:
Hi all,

I am porting a web application from IE 6.0 to FireFox 1.5. I have
solved almost all compatibility issues (quite a lot but not too bad)
except two of them :

1) Clipboard access thru' JavaScript (programmatical copy and
paste actions)
Can't programatically access the Clipboard in Firefox. It's an IE-only
security flaw - err - feature.
2) Monitoring and driving Insert/Overwrite mode on input fields


If memory serves me correctly, that can't be done in FF either.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Apr 13 '06 #2
PMA
OK

Thanks

But why do you consider access to clipboard thru' JS is a sec flaw ? I
really wonder why ...

Apr 13 '06 #3
PMA wrote:
OK

Thanks

But why do you consider access to clipboard thru' JS is a sec flaw ? I
really wonder why ...


Many times the word security flaw is used, especially when no scenario
is described, it means annoyance. Nevertheless, in this particular
instance, it can lead to data loss for the user. Consider that you are
editing something in Word and you do a cut. Along comes a
window.setTimeout from an open browser which decides it wants to write
to the clipboard and, poof, you don't get back what you cut.

It might be that there is an option or security setting that allows you
to bypass this restriction (not sure on that). Also, if your app is
for an intranet where you can dictate requirements, then this is
possible if you can require your users to have an extension to Firefox,
such as GreaseMonkey.

Csaba Gabor from Vienna

Apr 13 '06 #4
Csaba Gabor wrote:
PMA wrote:
OK

Thanks

But why do you consider access to clipboard thru' JS is a sec flaw ? I
really wonder why ...
Many times the word security flaw is used, especially when no scenario
is described, it means annoyance. Nevertheless, in this particular
instance, it can lead to data loss for the user. Consider that you are
editing something in Word and you do a cut. Along comes a
window.setTimeout from an open browser which decides it wants to write
to the clipboard and, poof, you don't get back what you cut.


I would say that is one of the least serious problems.
What about a webapp in the background that send all clipboardcontent to some
badguy's server nonstop?

And I think we saw reasons enough last years to consider IE a security flaw
on it's own behalf, not to mention the time Microsoft needs to patch their
own shit and release the patch.
Regards,
Erwin Moller

It might be that there is an option or security setting that allows you
to bypass this restriction (not sure on that). Also, if your app is
for an intranet where you can dictate requirements, then this is
possible if you can require your users to have an extension to Firefox,
such as GreaseMonkey.

Csaba Gabor from Vienna


Apr 13 '06 #5
"Csaba Gabor" <da*****@gmail.com> writes:
Many times the word security flaw is used, especially when no scenario
is described, it means annoyance. Nevertheless, in this particular
instance, it can lead to data loss for the user.


It can also lead to compromise of secret data:
<URL:http://tom.me.uk/clipboard/>
Since I use an application for storing my passwords, I will have them
in the clipboard at times. Were I to have IE open on a malicious page
at the time, that password could be sent to the bad guy.

A simple example of what can get captured:
---
<textarea id="store" rows="50" cols="80"></textarea>
<script type="text/javascript">
(function loot() {
var store = document.getElementById("store");
var last = "";
setInterval(
function(){
var now = window.clipboardData.getData("Text");
if (now != last) {
store.value += now;
last = now;
}
}, 250);
})()
</script>
---
Have this running in the background for a while and come back and see.
Then remember that this could all have been sent to somewhere using a
XMLHTTPRequest.

/L
--
Lasse Reichstein Nielsen - lr*@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'
Apr 13 '06 #6
PMA
Gotcha,

However, when inside some intranet apps (in fact we are just using Web
technologies for making applications that are NOT connected to the
Internet and where security issues are monitored thru' a lot of
securities guys, anti virus, anti-spyware, anti-trojan anti-...,
firewalls (many, many, many of them) it is in a way strange that no
configuration is provided to release some features like the one I need
in FF.

Thanx
Philippe

Apr 13 '06 #7
PMA wrote:
Gotcha,

However, when inside some intranet apps (in fact we are just using Web
technologies for making applications that are NOT connected to the
Internet and where security issues are monitored thru' a lot of
securities guys, anti virus, anti-spyware, anti-trojan anti-...,
firewalls (many, many, many of them) it is in a way strange that no
configuration is provided to release some features like the one I need
in FF.
Well, you 3 options:

1) you can always code them yourself.
Firefox is an Open Source initiative after all.

2) Search for a plugin that enables clipboardmanipulation.
Google for "plugin firefox clipboard"
Three link that might interest you:
http://extensionroom.mozdev.org/main.php/Firefox
https://addons.mozilla.org/extension...cation=firefox
http://www.quickonlinetips.com/archi...power-surfing/

I didn't check any of them myself, but I think that if you look into how the
plugins work, you can maybe make your own.
I am unsure if you can make a link to Javascript, as you asked in your
original question.

3) Or you can ask the developers of Firefox if they want to implement it.
It is technically not difficult.

Regards,
Erwin Moller


Thanx
Philippe


Apr 13 '06 #8

PMA wrote:
Hi all,

I am porting a web application from IE 6.0 to FireFox 1.5. I have
solved almost all compatibility issues (quite a lot but not too bad)
except two of them :

1) Clipboard access thru' JavaScript (programmatical copy and
paste actions)
2) Monitoring and driving Insert/Overwrite mode on input fields

Any help appreciated.

Philippe


Take a look at:-

<URL:http://xulplanet.com/references/xpcomref/group_Clipboard.html>
<URL:http://xulplanet.com/references/xpcomref/group_Selection.html>

Regards

Julian Turner

Apr 13 '06 #9
PMA
Thanx very much ...

I would not like to go to a specific dev for that feature. In a way I
prefer to "limit" the application users than telling IT departement
(there are not far from 15,000 users !) that they have to
"re-masterize" 15,000 Workstations ...

Best regards
Philippe

Apr 13 '06 #10
Lasse Reichstein Nielsen wrote:
It can also lead to compromise of secret data:
<URL:http://tom.me.uk/clipboard/>
Since I use an application for storing my passwords, I will have them
in the clipboard at times. Were I to have IE open on a malicious page
at the time, that password could be sent to the bad guy.


I had a small iframe script which captured clipboard contents silently in
the background on my javascript page for a while, just for curiosity sake.

It was quite amazing what I captured. Internal memos, passwords, IM chats,
emails, lots of code snippets, _lots_ of url's, etc.

Along with disabling ActiveX and "Install On Demand", disabling the
clipboard feature in IE is one of the basic steps every IE user should take
to make their browsing more secure. Besides switching to Firefox, of course
;)

--
Matt Kruse
http://www.JavascriptToolbox.com
http://www.AjaxToolbox.com
Apr 13 '06 #11
Matt Kruse wrote:
Lasse Reichstein Nielsen wrote:
It can also lead to compromise of secret data:
<URL:http://tom.me.uk/clipboard/>
Since I use an application for storing my passwords, I will have them
in the clipboard at times. Were I to have IE open on a malicious page
at the time, that password could be sent to the bad guy.


I had a small iframe script which captured clipboard contents silently in
the background on my javascript page for a while, just for curiosity sake.

It was quite amazing what I captured. Internal memos, passwords, IM chats,
emails, lots of code snippets, _lots_ of url's, etc.

Along with disabling ActiveX and "Install On Demand", disabling the
clipboard feature in IE is one of the basic steps every IE user should take
to make their browsing more secure. Besides switching to Firefox, of course


Boy, remind me to be very careful when visiting your sites!

I'll add just one more method into the mix: If you install
GreaseMonkey and then customize it per
http://www.nabble.com/GM_sendKeys-t1421601.html, then using
GM_sendKeys("^c",textarea) and GM_sendKeys("^v",textarea) does a copy
and paste to the textarea. Of course any other GM script that you
allow might be just as sneaky as Matt's site, so be careful...

Csaba

Apr 13 '06 #12
Csaba Gabor wrote:
Boy, remind me to be very careful when visiting your sites!


To be fair, it should be noted that the "experiment" was short-term, and
followed up with a message to the user alerting them of the security problem
in their browser. It was an experiment I did to prove how problematic this
feature is, and to use that evidence to convince some administrators in
several companies to disable the feature in all of their IE installations.

--
Matt Kruse
http://www.JavascriptToolbox.com
http://www.AjaxToolbox.com
Apr 13 '06 #13

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
by: LG | last post by:
Just have a question with regards to the clipboard, and how to read what other applications (Adobe InDesignCS) place in the clipboard. I am currently in the process of creating a booklet from a...
5
by: TC | last post by:
Hello, I am familiar with obtaining source file reference material from the system clipboard using the old Win32 API. For example, copy an Excel chart onto the clipboard and goto Word. Under,...
5
by: tabonni | last post by:
Hello All I am creating an ASP page. There are a list of filename and checkbox next to it. When user checked all the documents they want and click ADD TO CLIPBOARD button. All filepaths will be...
1
by: johngilmer | last post by:
By default, when I type into a text box, it inserts the text into the existing text rather than overwriting the existing text. If I hit the "insert" key on my keyboard, it switches the mode to...
10
by: wayne | last post by:
I found the following script to copy text to the client clipboard but it is not working in Firefox (works fine in IE 6). Can anyone suggest what I need to change? ...
0
by: **Developer** | last post by:
I have a RichTextBox and I want to programmatically change the Insert/Overwrite mode. I tried the following but it doesn't appear to change the mode. Pressing the Insert or Ins key does change...
1
by: Francesc Guim Bernat | last post by:
Dear colleagues, i'm getting in troubles using one XML library with Visual Studio .NET and Xerces with Xalan. When i execute the code i get the next run time error: "Run-Time Check Failure #2...
3
by: Developer | last post by:
I use the RichTextBox and sometimes put it into overwrite mode. I'd like the cursor to show whether its in overwrite or insert mode. I often use Cursor.Current = Cursors.WaitCursor and...
1
by: bogdanm | last post by:
Hello everyone, I am having a probleme with a issuu code when trying to insert it o my site it doesnt work in IE but in mozzila works fine the code is bellow: <div><object...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: marcoviolo | last post by:
Dear all, I would like to implement on my worksheet an vlookup dynamic , that consider a change of pivot excel via win32com, from an external excel (without open it) and save the new file into a...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.