search

MetaMask / metamask-extension

:globe_with_meridians: :electric_plug: The MetaMask browser extension enables browsing Ethereum blockchain enabled websites
https://metamask.io
Other
12.07k stars 4.93k forks source link

[Bug]: Clipboard overwriting clobbers contents of clipboard indiscriminately #25603

Open ThatGamerBlue opened 4 months ago

ThatGamerBlue commented 4 months ago

Describe the bug

If you copy an address, and before 60 seconds passes for the code to overwrite the address with a space character, copy something else, the other thing you copied gets overwritten when the timeout hits.

Expected behavior

If I copied something else, for it not to be overwritten. An option to disable overwriting entirely would be nice, it gets annoying pasting to a lot of people.

Screenshots/Recordings

No response

Steps to reproduce

  1. Copy an address in metamask
  2. Copy something else, I selected my balance and hit ctrl+c
  3. Wait 60 seconds (I waited on my metamask tab, not sure if this is required)
  4. The next time you paste, it will be a space instead of what you copied in step 2

Error messages or log output

No response

Version

11.16.10

Build type

None

Browser

Firefox

Operating system

Windows

Hardware wallet

No response

Additional context

No response

Severity

No response

desi commented 3 months ago

Here is what we think we know at the moment:

The clipboard-clearing functionality was/is designed to protect sensitive information like private keys and seed phrases. The rationale is to prevent users from accidentally pasting these sensitive items somewhere insecure sometime later.

The current behavior clears the clipboard after 60 seconds, but this only happens if the tab is still open. This is intended to reduce the risk of sensitive data exposure.

Maybe we should revisit this feature entirely, it might be appropriate to consult the Product Safety Team to determine the best approach.

github-actions[bot] commented 4 days ago

This issue has been automatically marked as stale because it has not had recent activity in the last 90 days. It will be closed in 45 days if there is no further activity. The MetaMask team intends on reviewing this issue before close, and removing the stale label if it is still a bug. We welcome new comments on this issue. We do not intend on closing issues if they report bugs that are still reproducible. Thank you for your contributions.