Pastejacking (webpages modifies clipboard, alters consequences of paste)

https://github.com/dxa4481/Pastejacking

Demo: https://security.love/Pastejacking
Discussion: https://news.ycombinator.com/item?id=11757973

 

HAHAHAHAHAHA wth... right-clicking pasted properly, ctrl + c and v didn't... this is so messed up.

 

Yes, threatpost.com is also using this trick. When you copy-paste content from their site they automatically add something like:

So you have to be careful and remove that text before posting.

 

Then you can't be sure that if you copy a long text from a webpage that it is the same text after pasting it

But if you disable scripts on threatpost.com, this trick can't be done anymore.

 

Yes, when inline scripts are disabled, this behavior breaks.

 

Never heard about this before, sounds weird to me, what is the purpose?

 

http://www.ghacks.net/2016/05/24/chrome-copy-text-manipulation/

http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/

I've set dom.event.clipboardevents.enabled to false. No problems so far.

 

Wouldn't copying the text to a notepad file get rid of the crud?

 

No it would paste it also in notepad. Modification of clipboard is conducted during copying text not pasting it...

 

But you could then manually remove the crud before pasting - correct?

 

Yes, off course. Or you can remove if after pasting. That's how I do it when posting links to threatpost articles.

 

some more information: https://nakedsecurity.sophos.com/20...rust-things-you-cut-and-paste-from-web-pages/
Demo: https://thejh.net/misc/website-terminal-copy-paste

I have set dom.event.clipboardevents.enabled to false but in the above demo the clipboard is still modified

 

That about:config entry doesn't help much, well... I mean it doesn't solve this issue. I think a clipboard addon needs to be included as well. The name of it defeats me at the moment and I haven't got it bookmarked either. Argh!