Granting JavaScript access to the clipboard: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
m (→‎Security policies: Unlinking http://example.(com|net)/)
(Upgrading See Also and External Links to h2; edit log spam!)
Line 21: Line 21:
Occasionally the above will not work, as the scripts that need access may use an alternate method of accessing the clipboard.  To grant these privileges, which include clipboard access, to signed scripts, set '''signed.applets.codebase_principal_support''' to '''true''' via [[about:config]]. This is not recommended as you cannot limit which sites have these extra privileges.
Occasionally the above will not work, as the scripts that need access may use an alternate method of accessing the clipboard.  To grant these privileges, which include clipboard access, to signed scripts, set '''signed.applets.codebase_principal_support''' to '''true''' via [[about:config]]. This is not recommended as you cannot limit which sites have these extra privileges.


===See also===
==See also==
* [[Security Policies]]
* [[Security Policies]]
* [[Editing configuration]]
* [[Editing configuration]]


===External links===
==External links==
* [http://www.mozilla.org/editor/midasdemo/securityprefs.html Setting Prefs for the Mozilla Rich Text Editing Demo]
* [http://www.mozilla.org/editor/midasdemo/securityprefs.html Setting Prefs for the Mozilla Rich Text Editing Demo]
* [https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&id=852 AllowClipboard Helper extension]
* [https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&id=852 AllowClipboard Helper extension]

Revision as of 02:25, 16 March 2006

By default, JavaScript is not allowed to read or set your clipboard data for security and privacy reasons. This is because websites scripts can erase and replace what you currently have in your clipboard (data loss issue) and they can read whatever you have in your clipboard (security and privacy issue); as such, you should grant access with caution. There are, however, instances when you might want to bypass this restriction for certain sites. Rich text editors (such as implementations of Mozilla's Midas) often require access to the clipboard to use copy/paste functions. Other sites may copy useful information to the clipboard for the user to paste elsewhere.

Extension

Instead of manually setting preferences, the AllowClipboard Helper extension manages security policies with a convenient user interface and automates the steps below.

Security policies

You can also enable clipboard access by creating a security policy for the site in question. There is no built-in interface to do this, so you will need to edit user.js. You can also edit about:config, but due to a bug, you will not see the changes you've made (though they will take effect).

In user.js, add the following lines:

user_pref("capability.policy.policynames", "allowclipboard");
user_pref("capability.policy.allowclipboard.sites", "http://www.example.com");
user_pref("capability.policy.allowclipboard.Clipboard.cutcopy", "allAccess");
user_pref("capability.policy.allowclipboard.Clipboard.paste", "allAccess");

The line with capability.policy.allowclipboard.sites can have multiple websites separated by spaces, like so:

user_pref("capability.policy.allowclipboard.sites", "http://www.example.com http://www.example.net");

Replace "http://www.example.com" and "http://www.example.net" with sites you wanted to allow clipboard access.

Granting to signed scripts

Occasionally the above will not work, as the scripts that need access may use an alternate method of accessing the clipboard. To grant these privileges, which include clipboard access, to signed scripts, set signed.applets.codebase_principal_support to true via about:config. This is not recommended as you cannot limit which sites have these extra privileges.

See also

External links