Re: Windows Security Flaw - The Clipboard
From: Jeff Bramwell (jbramwell@---)
Date: 12/23/02
- Next message: Tom Helms: "Re: Access to my old files"
- Previous message: rob bolinger: "password protect?"
- In reply to: Robert Moir: "Re: Windows Security Flaw - The Clipboard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jeff Bramwell" <jbramwell@--- no sp@m please ---cox.net> Date: Sun, 22 Dec 2002 23:27:50 -0600
That's very true, but it is also very easy for a client-side JavaScript
function to grab the clipboard contents, append it to a URL as a parameter
(e.g. http://www.somedomain.com?secretclipboardcontents=xxxxx), and then
open that URL in the current browser window, a hidden frame, or possibly a
new window. The JavaScript could also store the clipboard contents as a
cookie and then refresh the current page. In any of these cases the server
would be able to read the contents.
Interesting.
--- Jeff
"Robert Moir" <bofh@mvps.org> wrote in message
news:Ow2frZiqCHA.1848@TK2MSFTNGP09...
> Jeff Bramwell wrote:
> > Not exactly, but they do prove that JavaScript code can read your
> > clipboard contents. So, if your browser can run JavaScript, then it
> > would be very easy for a web site to retrieve your clipboard's
> > contents.
>
> Client side and server side script ain't the same.
>
>
- Next message: Tom Helms: "Re: Access to my old files"
- Previous message: rob bolinger: "password protect?"
- In reply to: Robert Moir: "Re: Windows Security Flaw - The Clipboard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
