November 03, 2008

Oncopy/oncut/onpaste in FF3

Intro

Support for these events is not really new; it has been available since the first FF3 revisions. Still, the question remains whether copying useless and non-standard features from IE is really such a good idea.

The mentioned events do not exactly enable clipboard stealing, but compared to the ancient onselect it's easier to grab user selections from arbitrary tags - and not just from form elements. There's also a kind of relevancy bonus: if a user copies some text from a website, this text is probably important for him - and therefore also interesting for an eavesdropper who has cross-site scripted the affected website.

Code

Let's have a look at some code:

<html>
<head>
</head>
<body
  oncopy="alert(getSelection().getRangeAt(0).extractContents().textContent)"
  oncut="alert(getSelection().getRangeAt(0).extractContents().textContent)"
  >
<p>copy/cut/paste me!</p>
<textarea
  id="paste"
  onpaste="setTimeout(function(){alert(document.getElementById('paste').value)},50)">
</textarea>
</body>
</html>
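
For the defender's side of the handlers shown above, here is an added example (not code from the original post) that audits markup for inline oncopy/oncut/onpaste attributes. The function name findClipboardHandlers, the sample input and its report() placeholder are assumptions made for illustration.

```javascript
// Added example: flag inline clipboard event handlers in an HTML string.
const CLIPBOARD_ATTRS = new Set(["oncopy", "oncut", "onpaste"]);

function findClipboardHandlers(html) {
  const tagRe = /<([a-zA-Z][a-zA-Z0-9-]*)/y;
  // One attribute: separators, name, optional ="v" | ='v' | =v
  const attrRe = /[\s\/]*([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/y;
  const findings = [];
  let i = 0;
  while ((i = html.indexOf("<", i)) !== -1) {
    tagRe.lastIndex = i;
    const t = tagRe.exec(html);
    if (!t) { i += 1; continue; }   // closing tag, comment or stray '<'
    let pos = tagRe.lastIndex;
    for (;;) {
      // Quoted values are consumed whole, so a '>' inside one cannot end the tag.
      attrRe.lastIndex = pos;
      const m = attrRe.exec(html);
      if (!m) break;                 // reached '>' or malformed markup
      pos = attrRe.lastIndex;
      const attr = m[1].toLowerCase();
      if (!CLIPBOARD_ATTRS.has(attr)) continue;
      const nameAt = m.index + m[0].search(/[^\s\/]/);
      findings.push({
        tag: t[1].toLowerCase(),
        attr,
        line: html.slice(0, nameAt).split("\n").length,
        code: m[2] ?? m[3] ?? m[4] ?? "",
      });
    }
    i = pos;
  }
  return findings;
}

// Constructed sample modelled on the page's markup; handler bodies are placeholders.
const SAMPLE = [
  "<html>",
  "<body",
  '  oncopy="report()"',
  "  OnCut='report()'",
  "  >",
  '<p title="a > b" oncopy=report()>the oncopy="x" attribute in plain text</p>',
  '<textarea id="paste" onpaste="report()"></textarea>',
  "</body>",
  "</html>",
].join("\n");

console.log(findClipboardHandlers(SAMPLE));
```

This check only sees inline attributes; handlers attached from script with addEventListener are outside its scope.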

Conclusion

This is neither new nor very hot, but it is an example of copying a 'bad idea' feature from a 'bad idea' browser (not speaking of IE8 yet but earlier versions), and it widens the attack window against the user and their privacy. Rebuilding proprietary features invented by the IE team is one thing - picking those which could be security critical is something else.
