Pastejacking icon indicating copy to clipboard operation
Pastejacking copied to clipboard

Published 20 hours ago verified publisher icon dxa4481

Suggestion: use X(org) selection on *nix

Open mathbr opened this issue 8 years ago • 5 comments

With X(org) on *nix systems it is common to copy text simply by selecting it and pasting it via middle click. It seems like this procedure is not affected by pastejacking.

Is this assumption correct or are there simply no attempts to cover this yet?

mathbr avatar May 24 '16 19:05 mathbr

@mathbr I just pushed an update that ties into the copy event, instead of the key press event. Can you check to see if it works via highlighting now? https://security.love/Pastejacking

dxa4481 avatar May 28 '16 20:05 dxa4481

Does not work for me, the middle click clipboard is a separate clipboard in Xorg.

ghost avatar May 28 '16 21:05 ghost

Interesting. So I'm just adding contents to the wrong clipboard then? I believe you'd still be vulnerable to the classic css/html issue https://thejh.net/misc/website-terminal-copy-paste

dxa4481 avatar May 28 '16 21:05 dxa4481

Yes, confirmed.

ghost avatar May 28 '16 21:05 ghost

@dxa44881, same here, copy and paste via X clipboard seems not affected. The 2nd link also doesn't work via X but it works as expected with regular copy and paste.

mathbr avatar May 28 '16 22:05 mathbr