Option to disable Clipboard API?

ungoogled-software / ungoogled-chromium

Google Chromium, sans integration with Google

BSD 3-Clause "New" or "Revised" License

20.84k stars 846 forks source link

Option to disable Clipboard API? #2622

Open markg85 opened 12 months ago

markg85 commented 12 months ago

Description

Disable (all) features from the "Clipboard API and events" spec

Who's implementing?

[ ] I'm willing to implement this feature myself

The problem

This spec is detrimental to user experience if abused. And it it being abused. What do i mean by that? Some sites allow you to copy but add their extra crap which you see when you paste it. An example from this site. If i copy the text:

openssl genrsa -des3 -out myCA.key 2048

Pasting that text results in:

openssl genrsa -des3 -out myCA.key 2048
Continue reading at https://angrysysops.com/2022/03/22/dns-over-https-in-unbound-extra-step-for-a-home-lab/ | [Angry Admin](https://angrysysops.com/)

In my opinion this is a gross misuse of features. I've seen quite a few sites already that modify the clipboard to add their own bs to is that you didn't select as copy command.

Possible solutions

Option to disable it.

Alternatives

none

Additional context

none

kkocdko commented 11 months ago

IMO this should be a task which a simple user-script or extension can do. If it can be done perfectly by extension, why add it to browser itself?

markg85 commented 11 months ago

Do you have any recommendation for that? I'm not aware of the existence of "anti-polyfill" or "reverse-polyfill" scripts. By which I mean a script to kill an already existing feature with a script.

kkocdko commented 11 months ago

First, set chrome://settings/content/clipboard to "Don't allow sites to ...".

But this only works for modern Clipboard API. For old document.execCommand API you can see this: https://greasyfork.org/scripts/432251 . It's simple and works well.

markg85 commented 11 months ago

chrome://settings/content/clipboard serves a different purpose. It gives the ability to block sites from seeing what you have in your clipboard. As google and microsoft - in all their selfish wishdom - decided it to be handy to see what's on there for interoperability between desktop apps and browser apps. They add some uniquely identifying code to the clipboard to easy their usecase. Sigh.... I call that gross clipboard abuse.

Regarding https://greasyfork.org/scripts/432251, i haven't tested it. If you say it works i believe you on your word. Thing is, i want this to be disabled browser-wide without the need for custom scripts/addons to disable it. That script would be an alternative - less ideal - option.

kkocdko commented 11 months ago

They add some uniquely identifying code to the clipboard to easy their usecase.

Yeah it's annoy, but to be clearify I don't see browser itself r/w clipboard without page do something. The example on your first comment (copy something and got a suffix) is implemented by the page to do:

getSelection()
.preventDefault() the user's copy event
make a invisable element with content + suffix
run input.select() and document.execCommand("copy")

So just ban the page is enough to me. Maybe you did not trust the browser itself but remember the google telemetry in ungoogled-chromium is removed already.