Hi all,
I am porting a web application from IE 6.0 to FireFox 1.5. I have
solved almost all compatibility issues (quite a lot but not too bad)
except two of them :
1) Clipboard access thru' JavaScript (programmatical copy and
paste actions)
2) Monitoring and driving Insert/Overwrite mode on input fields
Any help appreciated.
Philippe 12 6093
PMA said the following on 4/13/2006 6:04 AM: Hi all,
I am porting a web application from IE 6.0 to FireFox 1.5. I have solved almost all compatibility issues (quite a lot but not too bad) except two of them :
1) Clipboard access thru' JavaScript (programmatical copy and paste actions)
Can't programatically access the Clipboard in Firefox. It's an IE-only
security flaw - err - feature.
2) Monitoring and driving Insert/Overwrite mode on input fields
If memory serves me correctly, that can't be done in FF either.
--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
OK
Thanks
But why do you consider access to clipboard thru' JS is a sec flaw ? I
really wonder why ...
PMA wrote: OK
Thanks
But why do you consider access to clipboard thru' JS is a sec flaw ? I really wonder why ...
Many times the word security flaw is used, especially when no scenario
is described, it means annoyance. Nevertheless, in this particular
instance, it can lead to data loss for the user. Consider that you are
editing something in Word and you do a cut. Along comes a
window.setTimeout from an open browser which decides it wants to write
to the clipboard and, poof, you don't get back what you cut.
It might be that there is an option or security setting that allows you
to bypass this restriction (not sure on that). Also, if your app is
for an intranet where you can dictate requirements, then this is
possible if you can require your users to have an extension to Firefox,
such as GreaseMonkey.
Csaba Gabor from Vienna
Csaba Gabor wrote: PMA wrote: OK
Thanks
But why do you consider access to clipboard thru' JS is a sec flaw ? I really wonder why ... Many times the word security flaw is used, especially when no scenario is described, it means annoyance. Nevertheless, in this particular instance, it can lead to data loss for the user. Consider that you are editing something in Word and you do a cut. Along comes a window.setTimeout from an open browser which decides it wants to write to the clipboard and, poof, you don't get back what you cut.
I would say that is one of the least serious problems.
What about a webapp in the background that send all clipboardcontent to some
badguy's server nonstop?
And I think we saw reasons enough last years to consider IE a security flaw
on it's own behalf, not to mention the time Microsoft needs to patch their
own shit and release the patch.
Regards,
Erwin Moller It might be that there is an option or security setting that allows you to bypass this restriction (not sure on that). Also, if your app is for an intranet where you can dictate requirements, then this is possible if you can require your users to have an extension to Firefox, such as GreaseMonkey.
Csaba Gabor from Vienna
"Csaba Gabor" <da*****@gmail.com> writes: Many times the word security flaw is used, especially when no scenario is described, it means annoyance. Nevertheless, in this particular instance, it can lead to data loss for the user.
It can also lead to compromise of secret data:
<URL:http://tom.me.uk/clipboard/>
Since I use an application for storing my passwords, I will have them
in the clipboard at times. Were I to have IE open on a malicious page
at the time, that password could be sent to the bad guy.
A simple example of what can get captured:
---
<textarea id="store" rows="50" cols="80"></textarea>
<script type="text/javascript">
(function loot() {
var store = document.getElementById("store");
var last = "";
setInterval(
function(){
var now = window.clipboardData.getData("Text");
if (now != last) {
store.value += now;
last = now;
}
}, 250);
})()
</script>
---
Have this running in the background for a while and come back and see.
Then remember that this could all have been sent to somewhere using a
XMLHTTPRequest.
/L
--
Lasse Reichstein Nielsen - lr*@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'
Gotcha,
However, when inside some intranet apps (in fact we are just using Web
technologies for making applications that are NOT connected to the
Internet and where security issues are monitored thru' a lot of
securities guys, anti virus, anti-spyware, anti-trojan anti-...,
firewalls (many, many, many of them) it is in a way strange that no
configuration is provided to release some features like the one I need
in FF.
Thanx
Philippe
PMA wrote: Gotcha,
However, when inside some intranet apps (in fact we are just using Web technologies for making applications that are NOT connected to the Internet and where security issues are monitored thru' a lot of securities guys, anti virus, anti-spyware, anti-trojan anti-..., firewalls (many, many, many of them) it is in a way strange that no configuration is provided to release some features like the one I need in FF.
Well, you 3 options:
1) you can always code them yourself.
Firefox is an Open Source initiative after all.
2) Search for a plugin that enables clipboardmanipulation.
Google for "plugin firefox clipboard"
Three link that might interest you: http://extensionroom.mozdev.org/main.php/Firefox https://addons.mozilla.org/extension...cation=firefox http://www.quickonlinetips.com/archi...power-surfing/
I didn't check any of them myself, but I think that if you look into how the
plugins work, you can maybe make your own.
I am unsure if you can make a link to Javascript, as you asked in your
original question.
3) Or you can ask the developers of Firefox if they want to implement it.
It is technically not difficult.
Regards,
Erwin Moller Thanx Philippe
PMA wrote: Hi all,
I am porting a web application from IE 6.0 to FireFox 1.5. I have solved almost all compatibility issues (quite a lot but not too bad) except two of them :
1) Clipboard access thru' JavaScript (programmatical copy and paste actions) 2) Monitoring and driving Insert/Overwrite mode on input fields
Any help appreciated.
Philippe
Take a look at:-
<URL:http://xulplanet.com/references/xpcomref/group_Clipboard.html>
<URL:http://xulplanet.com/references/xpcomref/group_Selection.html>
Regards
Julian Turner
Thanx very much ...
I would not like to go to a specific dev for that feature. In a way I
prefer to "limit" the application users than telling IT departement
(there are not far from 15,000 users !) that they have to
"re-masterize" 15,000 Workstations ...
Best regards
Philippe
Lasse Reichstein Nielsen wrote: It can also lead to compromise of secret data: <URL:http://tom.me.uk/clipboard/> Since I use an application for storing my passwords, I will have them in the clipboard at times. Were I to have IE open on a malicious page at the time, that password could be sent to the bad guy.
I had a small iframe script which captured clipboard contents silently in
the background on my javascript page for a while, just for curiosity sake.
It was quite amazing what I captured. Internal memos, passwords, IM chats,
emails, lots of code snippets, _lots_ of url's, etc.
Along with disabling ActiveX and "Install On Demand", disabling the
clipboard feature in IE is one of the basic steps every IE user should take
to make their browsing more secure. Besides switching to Firefox, of course
;)
--
Matt Kruse http://www.JavascriptToolbox.com http://www.AjaxToolbox.com
Matt Kruse wrote: Lasse Reichstein Nielsen wrote: It can also lead to compromise of secret data: <URL:http://tom.me.uk/clipboard/> Since I use an application for storing my passwords, I will have them in the clipboard at times. Were I to have IE open on a malicious page at the time, that password could be sent to the bad guy.
I had a small iframe script which captured clipboard contents silently in the background on my javascript page for a while, just for curiosity sake.
It was quite amazing what I captured. Internal memos, passwords, IM chats, emails, lots of code snippets, _lots_ of url's, etc.
Along with disabling ActiveX and "Install On Demand", disabling the clipboard feature in IE is one of the basic steps every IE user should take to make their browsing more secure. Besides switching to Firefox, of course
Boy, remind me to be very careful when visiting your sites!
I'll add just one more method into the mix: If you install
GreaseMonkey and then customize it per http://www.nabble.com/GM_sendKeys-t1421601.html, then using
GM_sendKeys("^c",textarea) and GM_sendKeys("^v",textarea) does a copy
and paste to the textarea. Of course any other GM script that you
allow might be just as sneaky as Matt's site, so be careful...
Csaba
Csaba Gabor wrote: Boy, remind me to be very careful when visiting your sites!
To be fair, it should be noted that the "experiment" was short-term, and
followed up with a message to the user alerting them of the security problem
in their browser. It was an experiment I did to prove how problematic this
feature is, and to use that evidence to convince some administrators in
several companies to disable the feature in all of their IE installations.
--
Matt Kruse http://www.JavascriptToolbox.com http://www.AjaxToolbox.com This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: LG |
last post by:
Just have a question with regards to the clipboard, and how to read what
other applications (Adobe InDesignCS) place in the clipboard.
I am currently in the process of creating a booklet from a...
|
by: TC |
last post by:
Hello,
I am familiar with obtaining source file reference material from the system
clipboard using the old Win32 API.
For example, copy an Excel chart onto the clipboard and goto Word. Under,...
|
by: tabonni |
last post by:
Hello All
I am creating an ASP page. There are a list of filename and checkbox
next to it. When user checked all the documents they want and click
ADD TO CLIPBOARD button. All filepaths will be...
|
by: johngilmer |
last post by:
By default, when I type into a text box, it inserts the text into the
existing text rather than overwriting the existing text. If I hit the
"insert" key on my keyboard, it switches the mode to...
|
by: wayne |
last post by:
I found the following script to copy text to the client clipboard but
it is not working in Firefox (works fine in IE 6). Can anyone suggest
what I need to change?
...
|
by: **Developer** |
last post by:
I have a RichTextBox and I want to programmatically change the
Insert/Overwrite mode.
I tried the following but it doesn't appear to change the mode.
Pressing the Insert or Ins key does change...
|
by: Francesc Guim Bernat |
last post by:
Dear colleagues,
i'm getting in troubles using one XML library with Visual Studio .NET
and Xerces with Xalan.
When i execute the code i get the next run time error:
"Run-Time Check Failure #2...
|
by: Developer |
last post by:
I use the RichTextBox and sometimes put it into overwrite mode.
I'd like the cursor to show whether its in overwrite or insert mode.
I often use
Cursor.Current = Cursors.WaitCursor
and...
|
by: bogdanm |
last post by:
Hello everyone, I am having a probleme with a issuu code when trying to insert it o my site
it doesnt work in IE but in mozzila works fine
the code is bellow:
<div><object...
|
by: Mushico |
last post by:
How to calculate date of retirement from date of birth
|
by: DJRhino |
last post by:
Was curious if anyone else was having this same issue or not....
I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...
|
by: giovanniandrean |
last post by:
The energy model is structured as follows and uses excel sheets to give input data:
1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
|
by: NeoPa |
last post by:
Introduction
For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
|
by: Teri B |
last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course.
0ne-to-many. One course many roles.
Then I created a report based on the Course form and...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM)
Please note that the UK and Europe revert to winter time on...
|
by: nia12 |
last post by:
Hi there,
I am very new to Access so apologies if any of this is obvious/not clear.
I am creating a data collection tool for health care employees to complete. It consists of a number of...
|
by: NeoPa |
last post by:
Introduction
For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
|
by: isladogs |
last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, Mike...
| |