Clipboard access using Javascript - sans Flash?

views:

540

answers:

+5 Q:

Clipboard access using Javascript - sans Flash?

Is there a reliable way to access the client machine's clipboard using Javascript? I continue to run into permissions issues when attempting to do this. How does Google Docs do this? Do they use Flash?

My primary target is IE8, but would like to support FF and Chrome also.

I have seen the technique to do this using Flash, but am looking for a pure js route:
Clipboard access using Flash

+1 A:

Forget pure JS.

There is no standard API for accessing the clipboard, and few browsers implement a propriety method.

Flash is the 'standard' method.

David Dorward 2009-11-09 15:00:49

+3 A:

No, not in FF and Chrome. It works in IE (not sure about 7 and 8, but definitively 6), and from Flash. That is why Flash is always used.

Marius 2009-11-09 15:01:47

+1 A:

What do you want the clipboard data for and when do you want it? If you're interecpting a user paste, there are things that can be done with pure JavaScript.

Tim Down 2009-11-09 15:15:09

+1 for the suggestion, but I need to interop with other non-browser programs for copy source

Chris Ballance 2009-11-09 15:25:10

+1 A:

You're looking for the execCommand function, at least the best I can tell. Here are some resources: http://stackoverflow.com/questions/252151/insert-text-in-javascript-contenteditable-div http://www.java2s.com/Code/JavaScriptReference/Javascript-Methods/execCommandisappliedto.htm

Unfortunately, this runs into the same security loophole that Flash sealed in Flash 9. Since people were spamming the clipboard, the clipboard is now only accessible through direct user interaction, and honestly, it is better that way. And I'll wager that most browsers have similar (if not stricter policies).

Christopher W. Allen-Poole 2009-11-09 15:23:39

+2 A:

Since this is a big security risk, all browsers that care about safety don't allow JS to access the clipboard.

The main reason is that many people put their passwords into a text file and then use cut&paste to login. Crackers could then collect the password (and possibly other private information like the word document which you just copied) from the clipboard by cracking a popular site and installing some JS that sends them the content of the clipboard.

Which is why I have flash disabled all the time.

Aaron Digulla 2009-11-09 15:24:16

You know that Flash >= 10 (actually, I think it's really the latest version of 9, but whatever) restricts all clipboard access to actions which involve the user -- unless you *DIRECTLY* press a button or press a key (while the swf is active), it you're completely safe.

Christopher W. Allen-Poole 2009-11-09 21:01:48

Which is why crackers put the flash in front of something on the page which looks like a link but is in fact text just styled that way. When the users click on the "link", they activate the flash.

Aaron Digulla 2009-11-10 08:04:29

You're just paranoid.

Alexsander Akers 2009-11-17 20:26:23

I'm just staying up to date with the latest scams. Clickjacking is already one year old (http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1333899,00.html).

Aaron Digulla 2009-11-18 08:25:34

+1 A:

http://www.rodsdot.com/ee/cross_browser_clipboard_copy_with_pop_over_message.asp implements the ZeroClipboard flash object correctly and is cross browser. It also discusses the potential problems with ZeroClipboard and possible work-arounds. Also compatible with Flash 10+.

rdivilbiss 2010-06-25 02:53:35

ansaurus

tags:

views:

answers:

Clipboard access using Javascript - sans Flash?

related questions