Granting JavaScript access to the clipboard: Difference between revisions

From MozillaZine Knowledge Base
No edit summary
(Simplifying signed.applets paragraph. Sectioning into three sections. Placing the extension section first (as it's the easiest and safest).)
Line 1: Line 1:
By default, [[JavaScript]] is not allowed to read or set your clipboard data for security and privacy reasons. This is because websites scripts can erase and replace what you currently have in your clipboard (data loss issue) and they can read whatever you have in your clipboard (security and privacy issue); as such, you should grant access with caution. There are, however, instances when you might want to bypass this restriction for certain sites. [[Rich text editing|Rich text editors]] (such as implementations of [[Midas|Mozilla's Midas]]) often require access to the clipboard to use copy/paste functions. Other sites may copy useful information to the clipboard for the user to paste elsewhere.
By default, [[JavaScript]] is not allowed to read or set your clipboard data for security and privacy reasons. This is because websites scripts can erase and replace what you currently have in your clipboard (data loss issue) and they can read whatever you have in your clipboard (security and privacy issue); as such, you should grant access with caution. There are, however, instances when you might want to bypass this restriction for certain sites. [[Rich text editing|Rich text editors]] (such as implementations of [[Midas|Mozilla's Midas]]) often require access to the clipboard to use copy/paste functions. Other sites may copy useful information to the clipboard for the user to paste elsewhere.


In most instances, you can enable these scripts by creating a [[Security Policies | security policy]] for the site in question. There is no built-in interface to do this, so you will need to [[Editing configuration | edit user.js]]. You can also edit [[about:config]], but [https://bugzilla.mozilla.org/show_bug.cgi?id=284673 due to a bug], you will not see the changes you've made (though they will take effect).
==Extension==
Instead of manually setting preferences, the [https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&id=852 AllowClipboard Helper extension] manages security policies with a convenient user interface and automates the steps below.
 
==Security policies===
You can also enable clipboard access by creating a [[Security Policies | security policy]] for the site in question. There is no built-in interface to do this, so you will need to [[Editing configuration | edit user.js]]. You can also edit [[about:config]], but [https://bugzilla.mozilla.org/show_bug.cgi?id=284673 due to a bug], you will not see the changes you've made (though they will take effect).


In user.js, add the following lines:
In user.js, add the following lines:
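Review bot: The new heading `==Security policies===` closes with three equals signs against two opening ones, so the stray `=` becomes part of the heading text (the revision below renders it as "Security policies="). It should read `==Security policies==`, matching `==Extension==`.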
Line 16: Line 20:
''(Naturally, you would replace http://www.example.com and http://www.example.net with sites you wanted to allow clipboard access.)''
''(Naturally, you would replace http://www.example.com and http://www.example.net with sites you wanted to allow clipboard access.)''


An alternative to manually setting these preferences is using the [https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&id=852 AllowClipboard Helper extension], which manages the security policy for you and gives you a convenient user interface.
==Granting to signed scripts==
 
Occasionally the above will not work, as the scripts that need access may use an alternate method of accessing the clipboard. To grant these privileges, which include clipboard access, to signed scripts, set '''signed.applets.codebase_principal_support''' to '''true''' via [[about:config]]. This is not recommended as you cannot limit which sites have these extra privileges.
Occasionally the above will not work, as the scripts that need access may use an alternate method of accessing the clipboard. This method uses [http://www.mozilla.org/projects/security/components/jssec.html signed JavaScript] (a Netscape/Mozilla-specific technology), and requires that you set a preference allowing them advanced privileges.
 
To grant privileges (including clipboard access) to signed scripts, set '''signed.applets.codebase_principal_support''' to '''true''' via [[about:config]] or [[Editing configuration | user.js]]. Note that this is not generally recommended, as you cannot limit which sites have these extra privileges.


===See also===
===See also===
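Review bot: In the rewritten "Granting to signed scripts" paragraph, "To grant these privileges" has no antecedent, because the sentence that introduced signed JavaScript and its advanced privileges (and linked to its documentation) was dropped. Suggest "To grant extra privileges (including clipboard access) to signed scripts" and keeping the signed JavaScript link. Separately, `===See also===` remains a level-3 heading and now nests under the new level-2 `==Granting to signed scripts==` section.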

Revision as of 02:23, 16 March 2006

By default, JavaScript is not allowed to read or set your clipboard data, for security and privacy reasons. Website scripts with clipboard access can erase and replace what you currently have in your clipboard (a data loss issue) and can read whatever you have in your clipboard (a security and privacy issue); as such, you should grant access with caution. There are, however, instances when you might want to bypass this restriction for certain sites. Rich text editors (such as implementations of Mozilla's Midas) often require access to the clipboard to use copy/paste functions. Other sites may copy useful information to the clipboard for the user to paste elsewhere.

Extension

Instead of manually setting preferences, the AllowClipboard Helper extension manages security policies with a convenient user interface and automates the steps below.

Security policies

You can also enable clipboard access by creating a security policy for the site in question. There is no built-in interface to do this, so you will need to edit user.js. You can also edit about:config, but due to a bug, you will not see the changes you've made (though they will take effect).

In user.js, add the following lines:

user_pref("capability.policy.policynames", "allowclipboard");
user_pref("capability.policy.allowclipboard.sites", "http://www.example.com");
user_pref("capability.policy.allowclipboard.Clipboard.cutcopy", "allAccess");
user_pref("capability.policy.allowclipboard.Clipboard.paste", "allAccess");

The line with capability.policy.allowclipboard.sites can have multiple websites separated by spaces, like so:

user_pref("capability.policy.allowclipboard.sites", "http://www.example.com http://www.example.net");

(Naturally, you would replace http://www.example.com and http://www.example.net with the sites to which you want to grant clipboard access.)

Granting to signed scripts

Occasionally the above will not work, as the scripts that need access may use an alternate method of accessing the clipboard. To grant extra privileges, which include clipboard access, to signed scripts, set signed.applets.codebase_principal_support to true via about:config. This is not recommended, as you cannot limit which sites have these extra privileges.
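As an added example (not part of the original article or of Mozilla's code), the following Node.js script audits a user.js for the preferences discussed in the two sections above: it lists the sites to which a security policy grants clipboard access, and reports separately whether signed.applets.codebase_principal_support is enabled, since that setting cannot be limited to particular sites. The function names and the sample file contents are constructed for illustration.

```javascript
// Added example: audit a Firefox user.js for clipboard-related grants.
// SAMPLE_USER_JS is constructed input using the pref names shown in the article.
const SAMPLE_USER_JS = `
user_pref("capability.policy.policynames", "allowclipboard");
user_pref("capability.policy.allowclipboard.sites", "http://www.example.com http://www.example.net");
user_pref("capability.policy.allowclipboard.Clipboard.cutcopy", "allAccess");
user_pref("capability.policy.allowclipboard.Clipboard.paste", "allAccess");
user_pref("signed.applets.codebase_principal_support", true);
`;

// Parse user_pref("name", value); lines into a Map. Values may be quoted
// strings, booleans or integers. Commented-out lines do not match and are skipped.
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;/;
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line);
    if (!m) continue;
    const raw = m[2];
    prefs.set(m[1], raw.startsWith('"') ? raw.slice(1, -1) : JSON.parse(raw));
  }
  return prefs;
}

// Return every (policy, site) pair that has clipboard access, plus the
// state of the global signed-script privilege preference.
function auditClipboardPrefs(text) {
  const prefs = parsePrefs(text);
  const report = { grants: [], globalPrivileges: false };
  // Assumption: policy names are separated by spaces or commas.
  const names = String(prefs.get("capability.policy.policynames") || "")
    .split(/[\s,]+/).filter(Boolean);
  for (const name of names) {
    const base = `capability.policy.${name}.`;
    const sites = String(prefs.get(base + "sites") || "").split(/\s+/).filter(Boolean);
    const ops = ["cutcopy", "paste"].filter(
      (op) => prefs.get(`${base}Clipboard.${op}`) === "allAccess");
    if (ops.length === 0) continue; // policy exists but grants no clipboard access
    for (const site of sites) report.grants.push({ policy: name, site, ops });
  }
  // This preference is not scoped to any site list, so it is reported on its own.
  report.globalPrivileges =
    prefs.get("signed.applets.codebase_principal_support") === true;
  return report;
}

console.log(JSON.stringify(auditClipboardPrefs(SAMPLE_USER_JS), null, 2));
```

Run it against the contents of the profile's own user.js (read into a string) to review which origins currently hold clipboard access before adding new ones.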
