[tahoe-dev] Fwd: Disabling clipboard access in Internet Explorer

zooko zooko at zooko.com
Sun Nov 9 03:43:23 UTC 2008


Folks:

Collin Jackson is an expert on browser security.  He looked into the  
question of whether malicious JavaScript running on a web page that  
you are viewing could read the contents of your Windows clipboard.   
If so, then such malicious JavaScript would be able to steal any  
capabilities that you were cutting and pasting.  (Or, if you were  
using passwords instead of capabilities, such JavaScript would be  
able to steal any passwords that you cut and paste.)

However, it turns out that this has been fixed in IE7.

Regards,

Zooko

Begin forwarded message:

> From: "Collin Jackson" <collinj at cs.stanford.edu>
> Date: November 8, 2008 12:55:02 PM MST
> To: zooko at zooko.com
> Subject: Disabling clipboard access in Internet Explorer
>
> Hi Zooko,
>
> I've been meaning to touch base with you on clipboard access in IE.
>
> My statements about clipboard access were based on IE6; it looks like
> Microsoft has taken steps to address this issue in IE7 and now prompts
> the user for clipboard access:
>
> http://msdn.microsoft.com/en-us/library/bb250473(VS.85).aspx
>
> Based on this, I don't think you need to worry too much about
> clipboard snooping in IE7. If you want to provide instructions for IE6
> users, here they are:
>
> http://support.microsoft.com/kb/224993
>
> Note that Flash Player allows sites to save information to the
> clipboard (but not read it) without prompting.
>
> -- Collin Jackson


