Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make sure WebXDC cannot access the clipboard #3416

Open
link2xt opened this issue Sep 27, 2023 · 5 comments · May be fixed by #4568
Open

Make sure WebXDC cannot access the clipboard #3416

link2xt opened this issue Sep 27, 2023 · 5 comments · May be fixed by #4568
Labels
bug Something isn't working webxdc

Comments

@link2xt
Copy link
Collaborator

link2xt commented Sep 27, 2023

See discussion at #3413 (comment)
@link2xt link2xt added bug Something isn't working webxdc labels Sep 27, 2023
@hpk42
Copy link
Contributor

hpk42 commented Sep 28, 2023 via email

@link2xt
Copy link
Collaborator Author

link2xt commented Sep 28, 2023
edited
Loading

WebXDC app should not be able to access the clipboard without explicit user action. Otherwise it is possible to make an app that posts your clipboard to the public board every time you open it.

execCommand('paste') should not work: https://developer.mozilla.org/en-US/docs/Web/API/Document/execCommand

New Clipboard API require a clipboard-read permission, this should be asked for each app or disabled.

Pasting into forms is possible in any case.

@hpk42
Copy link
Contributor

hpk42 commented Sep 28, 2023 via email

@Simon-Laux
Copy link
Member

we can try to overwrite it, but then we have the iframe problem again:

iframe.contentWindow.document.execCommand("paste")

btw it still works in electron 26.

also the clipboard api does not work, because it's permission is denied, somehow execCommand works regardless.

@Simon-Laux Simon-Laux mentioned this issue Sep 10, 2024
Closed
1 task
@WofWca
Copy link
Collaborator

WofWca commented Jan 17, 2025
edited
Loading

I looked through Blink features (here and here and was unable to find anything related. And I couldn't find anything useful in Electron docs.

WofWca added a commit that referenced this issue Jan 27, 2025
@WofWca
chore: upgrade Electron from 32 to 34
b257d14 
FYI breaking changes:
- https://www.electronjs.org/blog/electron-33-0#breaking-changes
- https://www.electronjs.org/blog/electron-34-0#breaking-changes

Closes #3416.

Appears to work after some basic testing.
@WofWca WofWca linked a pull request Jan 27, 2025 that will close this issue
Open
WofWca added a commit that referenced this issue Jan 27, 2025
@WofWca
chore: upgrade Electron from 32 to 34
575485b 
FYI breaking changes:
- https://www.electronjs.org/blog/electron-33-0#breaking-changes
- https://www.electronjs.org/blog/electron-34-0#breaking-changes

Closes #3416.

Appears to work after some basic testing.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working webxdc
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: upgrade Electron from 32 to 34 deltachat/deltachat-desktop
4 participants
@hpk42 @link2xt @Simon-Laux @WofWca