undefined | Better HN

0 pointspalata2mo ago0 comments

> It's still a large security hole though!

May I ask how it is a large security hole and how it is larger than the "Ctrl+C" clipboard? Genuinely interested.

0 comments

A web page with Javascript can see & send off something you paste into a text box as soon as it appears. So if you accidentally paste some confidential information, like a password, that's a security hole even if you notice and delete it straight away. This happens even for totally innocent reasons, like search-as-you-type.

Ctrl-C/Ctrl-V copy and paste is not such a big issue because far more people are familiar with it, and it requires more deliberate actions on both sides (copying and pasting). So you're less likely to accidentally copy something around that you didn't mean to.

PunchyHamster2mo ago

Wouldn't website paste it from clipboard and not primary selection (X11 have those separate) ?

palataOP2mo ago

> So if you accidentally paste some confidential information

So nothing like a "large security hole" that needs to be fixed, right?

I mean at this point, "SSH is a large security hole because people may enter their password while someone looks at their keyboard". I wouldn't consider that a reason to remove SSH.

wafflemaker2mo ago

So you would still need to paste deliberately.

So it's not really a security hole as much as knowing your passwords and muttering them in your sleep is one.

j / k navigate · click thread line to collapse