Granting JavaScript access to the clipboard: Difference between revisions
No edit summary |
(Simplifying signed.applets paragraph. Sectioning into three sections. Placing the extension section first (as it's the eaisest and safest).) |
||
Line 1: | Line 1: | ||
By default, [[JavaScript]] is not allowed to read or set your clipboard data for security and privacy reasons. This is because websites scripts can erase and replace what you currently have in your clipboard (data loss issue) and they can read whatever you have in your clipboard (security and privacy issue); as such, you should grant access with caution. There are, however, instances when you might want to bypass this restriction for certain sites. [[Rich text editing|Rich text editors]] (such as implementations of [[Midas|Mozilla's Midas]]) often require access to the clipboard to use copy/paste functions. Other sites may copy useful information to the clipboard for the user to paste elsewhere. | By default, [[JavaScript]] is not allowed to read or set your clipboard data for security and privacy reasons. This is because websites scripts can erase and replace what you currently have in your clipboard (data loss issue) and they can read whatever you have in your clipboard (security and privacy issue); as such, you should grant access with caution. There are, however, instances when you might want to bypass this restriction for certain sites. [[Rich text editing|Rich text editors]] (such as implementations of [[Midas|Mozilla's Midas]]) often require access to the clipboard to use copy/paste functions. Other sites may copy useful information to the clipboard for the user to paste elsewhere. | ||
==Extension== | |||
Instead of manually setting preferences, the [https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&id=852 AllowClipboard Helper extension] manages security policies with a convenient user interface and automates the steps below. | |||
==Security policies=== | |||
You can also enable clipboard access by creating a [[Security Policies | security policy]] for the site in question. There is no built-in interface to do this, so you will need to [[Editing configuration | edit user.js]]. You can also edit [[about:config]], but [https://bugzilla.mozilla.org/show_bug.cgi?id=284673 due to a bug], you will not see the changes you've made (though they will take effect). | |||
In user.js, add the following lines: | In user.js, add the following lines: | ||
Line 16: | Line 20: | ||
''(Naturally, you would replace http://www.example.com and http://www.example.net with sites you wanted to allow clipboard access.)'' | ''(Naturally, you would replace http://www.example.com and http://www.example.net with sites you wanted to allow clipboard access.)'' | ||
==Granting to signed scripts== | |||
Occasionally the above will not work, as the scripts that need access may use an alternate method of accessing the clipboard. To grant these privileges, which include clipboard access, to signed scripts, set '''signed.applets.codebase_principal_support''' to '''true''' via [[about:config]]. This is not recommended as you cannot limit which sites have these extra privileges. | |||
Occasionally the above will not work, as the scripts that need access may use an alternate method of accessing the clipboard. | |||
To grant privileges | |||
===See also=== | ===See also=== |
Revision as of 02:23, 16 March 2006
By default, JavaScript is not allowed to read or set your clipboard data for security and privacy reasons. This is because websites scripts can erase and replace what you currently have in your clipboard (data loss issue) and they can read whatever you have in your clipboard (security and privacy issue); as such, you should grant access with caution. There are, however, instances when you might want to bypass this restriction for certain sites. Rich text editors (such as implementations of Mozilla's Midas) often require access to the clipboard to use copy/paste functions. Other sites may copy useful information to the clipboard for the user to paste elsewhere.
Extension
Instead of manually setting preferences, the AllowClipboard Helper extension manages security policies with a convenient user interface and automates the steps below.
Security policies=
You can also enable clipboard access by creating a security policy for the site in question. There is no built-in interface to do this, so you will need to edit user.js. You can also edit about:config, but due to a bug, you will not see the changes you've made (though they will take effect).
In user.js, add the following lines:
user_pref("capability.policy.policynames", "allowclipboard"); user_pref("capability.policy.allowclipboard.sites", "http://www.example.com"); user_pref("capability.policy.allowclipboard.Clipboard.cutcopy", "allAccess"); user_pref("capability.policy.allowclipboard.Clipboard.paste", "allAccess");
The line with capability.policy.allowclipboard.sites
can have multiple websites separated by spaces, like so:
user_pref("capability.policy.allowclipboard.sites", "http://www.example.com http://www.example.net");
(Naturally, you would replace http://www.example.com and http://www.example.net with sites you wanted to allow clipboard access.)
Granting to signed scripts
Occasionally the above will not work, as the scripts that need access may use an alternate method of accessing the clipboard. To grant these privileges, which include clipboard access, to signed scripts, set signed.applets.codebase_principal_support to true via about:config. This is not recommended as you cannot limit which sites have these extra privileges.