Announcement

Collapse
No announcement yet.

Security warning about clipboard contents and web browsing

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security warning about clipboard contents and web browsing

    http://kb.mozillazine.org/Granting_J..._the_clipboard

    i understand that JavaScript is able to read the clipboard.
    My browser is suppose to be deleting cookies and history whenever I close the browser but I don't really trust it to do that.
    It might help to delete the clipboard before and after certain internet activity.
    p purvis

  • #2
    Hi Paul

    I would just run a simple Powerbasic program which can clear the clipboard contents as follows :

    Run this exe file after each internet browsing session and you would see that all clipboards are clear.
    Place its shortcut on the desktop and remind yourself to run the program

    Code:
    #COMPILE EXE
    #DIM ALL
                ' clears all clipboard memory
    
    #INCLUDE "win32api.inc"
    
    FUNCTION PBMAIN () AS LONG
    
          CLIPBOARD RESET
           SLEEP 5
          CLIPBOARD RESET
           SLEEP 5
          CLIPBOARD RESET
    
    END FUNCTION

    Comment


    • #3
      Anne

      I use the clipboard commands a lot in my programs

      Why do you have to give three commands? Surely just one will do

      and you do not need the #INCLUDE - or do you?

      Kerry
      [I]I made a coding error once - but fortunately I fixed it before anyone noticed[/I]
      Kerry Farmer

      Comment


      • #4
        Hi Kerry

        3 Clipboard reset commands are to ensure all the stuff are cleared out completely from the Clipboard.
        And yes, you do not need the #INCLUDE statement, it is always placed there whenever I start any new program !
        It is just a habit!

        Comment


        • #5
          > it is always placed there whenever I start any new program !

          I used to do that too, until I compared compile times with/without.
          "Not my circus, not my monkeys."

          Comment


          • #6
            If you are concerned about javascript for your personal use, I can highly recommend using Firefox + (free) NoScript (addon). You get full granular control over what javascript can and can not execute while you browse.

            https://noscript.net/
            Bernard Ertl
            InterPlan Systems

            Comment


            • #7
              Originally posted by Bern Ertl View Post
              /thumb-up

              <b>George W. Bleck</b>
              <img src='http://www.blecktech.com/myemail.gif'>

              Comment


              • #8
                Originally posted by Anne Wilson View Post

                3 Clipboard reset commands are to ensure all the stuff are cleared out completely from the Clipboard.
                Anne

                [far from trying to dispute with you]

                I use storing to clipboard and retrieval lots and lots. I would know immediately if there was a problem with CLIPBOARD RESET - used only once. There is no such problem

                If I am wrong, then I am concerned about some of my products!

                I wonder if you would be so kind as to give more details.

                I use PBCC (latest) and Windows 10


                Thanks

                Kerry
                [I]I made a coding error once - but fortunately I fixed it before anyone noticed[/I]
                Kerry Farmer

                Comment


                • #9
                  Obviously Irish ancestry. To be sure, to be sure!

                  (It's not your products I'd be concerned about I've never seen a Clipboard Reset fail to reset the clipboard.. That would be a major bug which would have been reported many times.)

                  Comment


                  • #10
                    Originally posted by Paul Purvis View Post
                    i understand that JavaScript is able to read the clipboard.
                    My browser is suppose to be deleting cookies and history whenever I close the browser but I don't really trust it to do that.
                    It might help to delete the clipboard before and after certain internet activity.
                    If you think this is bad, whatever you do, don't read this. You'll probably have a coronary

                    Comment


                    • #11
                      Anne has the right idea, clear the clipboard when the data has been passed via the clipboard. This is what it looks like as API code in 64 bit.
                      Code:
                       ClearClipboard proc
                      
                          rcall OpenClipboard,0
                          rcall EmptyClipboard
                          rcall CloseClipboard
                      
                          ret
                      
                       ClearClipboard endp
                      hutch at movsd dot com
                      The MASM Forum

                      www.masm32.com

                      Comment


                      • #12
                        Originally posted by Stuart McLachlan View Post
                        Obviously Irish ancestry. To be sure, to be sure!
                        Begorrah

                        Irish name - but no, no Irish background!
                        [I]I made a coding error once - but fortunately I fixed it before anyone noticed[/I]
                        Kerry Farmer

                        Comment


                        • #13
                          Originally posted by Steve Hutchesson View Post
                          . This is what it looks like as API code in 64 bit.
                          And the relevance of that to PowerBASIC is?
                          CLIPBOARD RESET [, ClipResult]
                          The contents of the CLIPBOARD are deleted.



                          Comment


                          • #14
                            Simple, it gives you the name of the three (3) API calls necessary to do the job. Noting that all original API reference material is for C, using the form in a non basic language already has precedent.
                            hutch at movsd dot com
                            The MASM Forum

                            www.masm32.com

                            Comment


                            • #15
                              I think there is another important point in this post.

                              Examples should be the simplest examples possible. So the inclusion of
                              #INCLUDE "win32api.inc" is just a distraction [Sorry Anne, I am not getting at you]

                              For a newbie or someone a bit pathetic - like me - such complications can be very putting off.

                              In fact my complaint against PB - my only complaint - is that the examples in the help are not the most simple that they can be.

                              In my early days, it confused the heck out of me - cost me days and days - and many discussions with Lance.

                              Even now, it can still confuse me.

                              When you become proficient with PB such matters are insignificant. And it is hard for the proficient people to see what the problem is.

                              Kerry
                              [I]I made a coding error once - but fortunately I fixed it before anyone noticed[/I]
                              Kerry Farmer

                              Comment


                              • #16
                                I have been hard at other work.
                                I thought the clipboard for bitmap was separate from text. I have not tested that.
                                It might be more beneficial to put junk in the clipboard as an option rather than having it empty. Just a thought.
                                We limit internet web site usage but that only goes so far.
                                p purvis

                                Comment


                                • #17
                                  Originally posted by Paul Purvis View Post
                                  I have been hard at other work.
                                  I thought the clipboard for bitmap was separate from text. I have not tested that.
                                  It might be more beneficial to put junk in the clipboard as an option rather than having it empty. Just a thought.
                                  We limit internet web site usage but that only goes so far.
                                  Didn't the new Win10 updates include a history for clipboard?
                                  The world is strange and wonderful.*
                                  I reserve the right to be horrifically wrong.
                                  Please maintain a safe following distance.
                                  *wonderful sold separately.

                                  Comment


                                  • #18
                                    This is for Stuart. Works just fine.
                                    Code:
                                    ' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
                                    
                                     SUB clear_clipboard
                                    
                                        OpenClipboard 0
                                        EmptyClipboard
                                        CloseClipboard
                                    
                                     END SUB
                                    
                                    ' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
                                    As inlining the code is probably more efficient.
                                    Code:
                                        MACRO clipboard_clear
                                          OpenClipboard 0
                                          EmptyClipboard
                                          CloseClipboard
                                        END MACRO
                                    Last edited by Steve Hutchesson; 14 Oct 2018, 09:15 AM. Reason: Added a macro.
                                    hutch at movsd dot com
                                    The MASM Forum

                                    www.masm32.com

                                    Comment


                                    • #19
                                      Originally posted by Steve Hutchesson View Post
                                      This is for Stuart. Works just fine.
                                      No thanks, I'll stick with the built in function that returns Success/Failure.

                                      Comment


                                      • #20
                                        Can the macro have a loop till success. I don't use macros unless somebody post code that I use make use of. Very powerful and speeds up code but so far it has been out of my comfort zone.
                                        But if you can use a while loop or any loop.
                                        I would think would that should work.
                                        i think there is code to test if the clipboard is empty or not. I use the clipboard so much. It is likely one of my middle names.

                                        I should say how I came about becoming aware of this issue.
                                        We use google voice with internet explorer.
                                        While using internet explorer 8 in the newer google voice webpage. It makes use of a lot of JavaScript.
                                        There is some thingy you can press on near a text message that pops up a box where you can choose between a couple options. One of those options is to copy to the clipboard. But it fails. Apparently the JavaScript code is code that internet explorer 8 does not understand and even some of the older Firefox versions don't either but my systems are locked down to certain website locations and I have a hard time controlling Firefox limitations on google sites so only I allow internet explorer to use google voice.
                                        That is a whole other story.
                                        But we had to update our systems to newer windows due to the Internet TLS 1.2 requirements that XP does not have.
                                        We went to windows 7 pro or ultimate.
                                        Now using internet explorer 11 on windows 7 at the same screen. The little choice box to copy the texted message in the new google voice portal if portal is the new name for identifying newer webpages, well when you click on copy to clipboard it as you to confirm it can do that. So well, yes I said.
                                        We needed it to. So that was a no brainer.
                                        I have had a hard time with much other problems.
                                        So eventually, while demonstrating that copy to clipboard will now work from this shortcut of box to copy all the text message to clipboard without having to actually highlight the text and use the keyboard short cut which I believe is Ctrl-C from a GUI such as internet explorer, we now saw the warning that likely came from Internet Explorer 11 but could have been JavaScript code from google voice, I really don't know.
                                        Anyway, the long story short is the warning said something to the effect that websites could read the clipboard if I accepted to copy to the clipboard.
                                        Because we only allow certain websites to be accessed directly from our windows 7 operating system. I kind of just put this in the back of my mind till I could rethink it. It really peed me off thinking likely JavaScript was able to read my clipboard. Why in the devil would this even be allowed. If you want to copy your clipboard. There are ways to do that by the user. I blame Microsoft reguardless if it was their doing or not. What in the world is wrong with those coders. Don't give me this is Kool either crap. I have not said bad things about Microsoft in 4 days. This is about the longest number of days I have gone since our conversion out of windows XP. If I could jump ships to another operating system for the desktop. I would likely. But that you know is not going to happen.
                                        I will try some to find a webpage that reads the clipboard and share it if I find one. It would be good for testing web browsers. I really cannot say anything good about google chrome neither.
                                        Let me say that I have been able to lockdown Firefox to certain website for our systems so far. I use the portable version of it but have not been able to lockdown Firefox for specific google webpages but I have had success so far doing so with internet explorer. It has taken a lot of work to do so.
                                        p purvis

                                        Comment

                                        Working...
                                        X