https://github.com/dxa4481/Pastejacking Demo: https://security.love/Pastejacking Discussion: https://news.ycombinator.com/item?id=11757973
Yes, threatpost.com is also using this trick. When you copy-paste content from their site they automatically add something like: So you have to be careful and remove that text before posting.
Then you can't be sure that if you copy a long text from a webpage that it is the same text after pasting it But if you disable scripts on threatpost.com, this trick can't be done anymore.
http://www.ghacks.net/2016/05/24/chrome-copy-text-manipulation/ http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ I've set dom.event.clipboardevents.enabled to false. No problems so far.
No it would paste it also in notepad. Modification of clipboard is conducted during copying text not pasting it...
Yes, off course. Or you can remove if after pasting. That's how I do it when posting links to threatpost articles.
some more information: https://nakedsecurity.sophos.com/20...rust-things-you-cut-and-paste-from-web-pages/ Demo: https://thejh.net/misc/website-terminal-copy-paste I have set dom.event.clipboardevents.enabled to false but in the above demo the clipboard is still modified
That about:config entry doesn't help much, well... I mean it doesn't solve this issue. I think a clipboard addon needs to be included as well. The name of it defeats me at the moment and I haven't got it bookmarked either. Argh!