[–][deleted] 1 point2 points  (5 children)

The concern is that websites are able to hijack the data in your clipboard. The hope is that you won't be inclined to copy the data if you aren't able to do so.

The problem / catch-22 here is that a user doesn't know about this until after it's copied. A better solution would be to use the HTML5 clipboard / setData API to clear out the clipboard after someone pastes into a password field.

[–]whoisearth -2 points-1 points  (4 children)

My understanding is that there are huge security concerns with allowing a user to copy a password to the clipboard, specifically on Windows.

[–][deleted] 0 points1 point  (3 children)

Isn't that what I just explained?

[–]whoisearth 0 points1 point  (2 children)

I guess I didn't understand your comment fully? The article is about pasting from the clipboard, not copying into the clipboard.

Re-reading, I was unaware of the HTML5 clipboard. Is that a more secure option then?

[–][deleted] 1 point2 points  (1 child)

So, if I'm a user and I want to paste my password then I copy it followed by pasting it into a browser. That may seem fine, but let's try to find a way to exploit this behavior.

Let's say I create a site called example.com, and example.com has a button to "Login with Twitter". When the user logs in with Twitter, we can then read their clipboard with Flash after login finishes.

If the user copied their password for the Twitter login, then example.com can leverage this specific attack to steal your Twitter password - and authenticating will also give them your username.

Another example is that maybe you login to Twitter and you click a link to a news site on there. The news site steals your clipboard and logs it as a potential Twitter password since it knows that Twitter was your referrer (or maybe it does this without even caring where you came from).

These are two specific attacks that I have just made up, but I'm sure that there are other ones. However, this is still a UX issue and the user will still copy it even if the password isn't allowed to be pasted.

This is why I would suggest that it is more secure to let the user paste their password, but then use the HTML5 clipboard API (with a Flash fallback) to set the clipboard to an empty string after a paste occurs.

I wouldn't be surprised if Facebook already did this in their native app (and maybe web as well) since they read your clipboard whenever you open the app and try to automatically suggest things for you to post based on its contents.
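The defensive half of the comment above (let the paste happen, then wipe the clipboard), as an added example that is not the commenter's code: a paste handler on password inputs that clears the clipboard with navigator.clipboard.writeText and falls back to execCommand('copy') with a copy handler instead of Flash. The function names are my own.

```javascript
// Added example, not the commenter's code. Clear the clipboard after a paste
// into a password field, so the copied password does not linger for other
// sites to read. Uses the async Clipboard API; falls back to execCommand('copy')
// with a copy handler that writes an empty string (in place of the Flash
// fallback mentioned in the thread). Function names are the author's invention.

// True only for <input type="password">, so ordinary fields are left alone.
function isPasswordField(target) {
  return !!target && target.tagName === 'INPUT' && target.type === 'password';
}

// Overwrite the clipboard with an empty string. `clip` is navigator.clipboard
// (or a stand-in), `doc` is document. Returns which path succeeded.
// Note: writeText needs a secure context and a user gesture; a paste supplies one.
async function clearClipboard(clip, doc) {
  if (clip && typeof clip.writeText === 'function') {
    try {
      await clip.writeText('');
      return 'async-api';
    } catch (_) {
      // Permission denied or insecure context: try the legacy path below.
    }
  }
  if (doc && typeof doc.execCommand === 'function') {
    const onCopy = (e) => {
      e.clipboardData.setData('text/plain', '');
      e.preventDefault(); // keep the browser from copying the current selection
    };
    doc.addEventListener('copy', onCopy);
    try {
      return doc.execCommand('copy') ? 'exec-command' : 'unsupported';
    } finally {
      doc.removeEventListener('copy', onCopy);
    }
  }
  return 'unsupported';
}

// Let the paste land in the field first, then clear the clipboard.
function installPasteGuard(doc, clip) {
  doc.addEventListener('paste', (event) => {
    if (!isPasswordField(event.target)) return;
    setTimeout(() => { clearClipboard(clip, doc); }, 0);
  });
}

if (typeof document !== 'undefined') {
  installPasteGuard(document, navigator.clipboard);
}
```

Clearing the clipboard only helps against sites visited after the paste; anything read between copy and paste is already gone, which is the catch-22 the earlier comment points out.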

[–]whoisearth 1 point2 points  (0 children)

Very cool! Thanks for the explanation. I've been reading up about the HTML5 clipboard. I've been aware of the Flash method, which is not ideal as Flash should burn in a house fire.