Your Ad Here

» Your Clipboard text


Does the text in above seems to be familiar? It is the text that is the present in you clipboard. Yes, the same text that you copied last into your clipboard to paste it somewhere. Can you believe this?

The above text was retrieved with just one and only one line of Javascript code with out using any server side scripting like PHP, Perl, ASP or JSP. It can be retrieved even without the user knowing about it and can be transferred to any server through AJAX (remote scripting) without even submitting the page. And the worst part is that it is even possible to change the text that is present in your clipboard.

Is it very hard to believe? Ok just click this button and then check the text that is present in you clipboard using the Windows Clipboard viewer or by just simply pasting it in notepad. (You can also view your clipboard text in the above box)

Again the clipboard text was changed using just only one line of Javascript code with out the need of any server side scripting language.

Note that here I have demonstrated only about plain text that is present in clipboard, but it is very well possible to retrieve picture, file or even url from clipboard.

» Practical Demonstration

If you feel what the heck can be done with the clipboard text, then see this practical demonstration in action which shows you the severity of the risk involved.

This can be done if you are using Internet Explorer (above IE5.0) in any Windows Operating system. There is also a claim that it is possible to do this in MAC if you are using Internet Explorer, but since I don't have access to it I haven't tested it. Can any one who has access to MAC throw light on this. It is also said that the above security lapse is present in Netscape 4, again I haven't tested it. I have tested it in Firefox and it does not allow this.

» Prevention

Now you know that your clipboard text is not secure, so what you can do to prevent any possible misuse. Follow these steps to change the settings in Internet Explorer to prevent scripts from pasting values into your forms. Though it restricts the misuse to an extend, it is not foolproof. So if you deal some sensitive information, it is better to discard your clipboard texts before you start browsing. Or if it still bothers you, then shift to a more secure browser like Firefox.