Clippy, the bush paperclip.
Still using Microsoft Internet Explorer? Want to see something scary? IE allows web developers full read access to your clipboard while you're surfing the net. Have you ever copied and pasted user account details between two windows? Have you ever used a password manager such as Password Safe to keep track of your user accounts on websites? Well, check this sucker out:
If you're using IE and you've got something in the clipboard you should be able to see the contents printed in that box. Hit refresh to update it. It's a single line of Javascript code that does that:
If you're seeing this, you're not using IE. Good job!
If you're using IE and you've got something in the clipboard you should be able to see the contents printed in that box. Hit refresh to update it. It's a single line of Javascript code that does that:
var text = clipboardData.getData("Text");So what? It's not as if this data is going anywhere, right? Well, wrong. Thanks to XMLHttpRequest (the basis of AJAX) your clipboard contents could have been sitting in my email inbox by the time you started reading this news item. Luckily for you it's not ('View', 'Source' if you want to check), but not all websites will be that nice. So, what can you do? Well, you could make the change to Firefox, Opera or Safari. I have, and haven't looked back. Or you could disable Javascript - it'll break some sites, but it's pretty much the safest way to use IE. Or you could follow these steps to disable this particular 'feature':- Open up Tools, Internet Options
- Go to the 'Security' tab
- Click the 'Custom Level' button
- Scroll to 'Scripting'
- Set 'Allow paste operations via script' to 'Disable'