Comments (5)
SanderRonde
commented on June 16, 2024
Short answer: no
If you'd want to copy from the clipboard you'd still need to specify the target element, so you'd have the same issue. In addition the clipboard is very protected in chrome and other browsers. If some javascript could arbitrarily paste from the clipboard it's very easy to just send confidential data that's on the clipboard to a server.
There's not really a simple way to make this element-agnostic since there are a lot of implementations of input elements. I'd say it's more of a game of writing some code, testing it, changing it until it works on another website too and doing that until you've got most covered. It's indeed also very likely that some implementations don't use the input element at all, for those implementations you'll have to come up with something else. An idea: you could use accessibility APIs to locate input elements on the page. Generally speaking implementations of input elements will want to announce that they are inputs to the accessibility APIs so that should make it possible to find them. I'm not sure exactly how but it's a starter.
from customrightclickmenu.
knowltonGitHub
commented on June 16, 2024
I consider the matter closed. And I suspected as much, but you never know
what you might learn by asking.
A few thoughts:
That is an interesting twist ... using Accessibility API.
So, I wonder what is happening behind the scenes for a copy and paste? I'm
intrigued. How is Chrome able to prevent it from happening?
Also - it is not even possible to set this up so the end-user MUST give a
response of YES or NO for what is being pasted into the form?
Also, this seems like kind of Google contradicting itself. Google
routinely pastes oft-used values into forms, like your name, address, phone
number and other things. But they won't let developers at large do it?
There must be some way to establish trust. I am doing this just for my OWN
use, after all. There must be a way to tell Chrome that it is me creating
the extension, using the extension, copying, pasting, etc.
Thank you,
Tom
…On Thu, Mar 30, 2023 at 11:05 AM Sander Ronde ***@***.***> wrote:
Short answer: no
If you'd want to copy from the clipboard you'd still need to specify the
target element, so you'd have the same issue. In addition the clipboard is
very protected in chrome and other browsers. If some javascript could
arbitrarily paste from the clipboard it's very easy to just send
confidential data that's on the clipboard to a server.
There's not really a simple way to make this element-agnostic since there
are a lot of implementations of input elements. I'd say it's more of a game
of writing some code, testing it, changing it until it works on another
website too and doing that until you've got most covered. It's indeed also
very likely that some implementations don't use the input element at all,
for those implementations you'll have to come up with something else. An
idea: you could use accessibility APIs to locate input elements on the
page. Generally speaking implementations of input elements will want to
announce that they are inputs to the accessibility APIs so that should make
it possible to find them. I'm not sure exactly how but it's a starter.
—
Reply to this email directly, view it on GitHub
<#78 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGN4RM5CKA3XKYOPR3NFK73W6W4MJANCNFSM6AAAAAAWNRWLGM>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
from customrightclickmenu.
SanderRonde
commented on June 16, 2024
I'll close the issue then :)
So, I wonder what is happening behind the scenes for a copy and paste? I'm
intrigued. How is Chrome able to prevent it from happening?
Chrome is the browser that supplies the javascript runtime that allows you to paste text via a command. They have full control over what to allow and what not. Chrome talks to the operating system directly but you don't.
Also - it is not even possible to set this up so the end-user MUST give a
response of YES or NO for what is being pasted into the form?
Sort of yes, there is the clipboard api but that has permissions on a website-level and not a chrome-extension level. You used to have the clipboard API in chrome extensions but that's been deprecated a long time ago. Also for the same reason: an extension could easily use this API to read your clipboard at all times and send it to an evil server.
Also, this seems like kind of Google contradicting itself. Google
routinely pastes oft-used values into forms, like your name, address, phone
number and other things. But they won't let developers at large do it?
Yep, but Google knows of itself that it's not a bad actor. Any random website could be a bad website.
There must be some way to establish trust. I am doing this just for my OWN
use, after all. There must be a way to tell Chrome that it is me creating
the extension, using the extension, copying, pasting, etc.
Unfortunately not, I'm afraid this is not a big enough use case to the point where Google has developed such a chain.
from customrightclickmenu.
knowltonGitHub
commented on June 16, 2024
Thanks...I appreciate the reply and further clarification!
"Chrome talks to the operating system directly but you don't."
Sounds like something I could hook into?
Does Assembly language extend to interaction with a web browser? Can you
write Assembly in JavaScript? Would that help?
…On Thu, Mar 30, 2023 at 11:46 AM Sander Ronde ***@***.***> wrote:
I'll close the issue then :)
So, I wonder what is happening behind the scenes for a copy and paste? I'm
intrigued. How is Chrome able to prevent it from happening?
Chrome is the browser that supplies the javascript runtime that allows you
to paste text via a command. They have full control over what to allow and
what not. Chrome talks to the operating system directly but you don't.
Also - it is not even possible to set this up so the end-user MUST give a
response of YES or NO for what is being pasted into the form?
Sort of yes, there is the clipboard api
<https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API> but that
has permissions on a website-level and not a chrome-extension level. You
used to have the clipboard API
<https://developer.chrome.com/docs/extensions/reference/clipboard/> in
chrome extensions but that's been deprecated a long time ago. Also for the
same reason: an extension could easily use this API to read your clipboard
at all times and send it to an evil server.
Also, this seems like kind of Google contradicting itself. Google
routinely pastes oft-used values into forms, like your name, address, phone
number and other things. But they won't let developers at large do it?
Yep, but Google knows of itself that it's not a bad actor. Any random
website could be a bad website.
There must be some way to establish trust. I am doing this just for my OWN
use, after all. There must be a way to tell Chrome that it is me creating
the extension, using the extension, copying, pasting, etc.
Unfortunately not, I'm afraid this is not a big enough use case to the
point where Google has developed such a chain.
—
Reply to this email directly, view it on GitHub
<#78 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGN4RMYVTDGAA65SDK6DHJDW6XBH7ANCNFSM6AAAAAAWNRWLGM>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
from customrightclickmenu.
SanderRonde
commented on June 16, 2024
Sounds like something I could hook into?
Unfortunately not. There is a lot of work done on chrome's part to make it impossible for javascript to directly interact with the operating system. If that were possible that would mean that any website you visit has access to your operating system. That's obviously pretty dangerous.
Does Assembly language extend to interaction with a web browser? Can you
write Assembly in JavaScript? Would that help?
You can run assembly in javascript but that won't bring you any closer. Assembly is just a language, your runtime is effectively still within the browser and you're still being sandboxed away from the operating system.
from customrightclickmenu.
Related Issues (20)
- Execute when visiting specified sites HOT 1
- [wiki] please give an example how to pass link as an argument for search engine HOT 3
- [wiki]How to add Copy Tab URL HOT 8
- [Questions] Window title! + couple extras HOT 8
- CRX_SIGNATURE_VERIFICATION_FAILED - Cant add extension to edge HOT 3
- [wiki] Download Tutorial HOT 26
- An error occurred. The package is invalid:“CRX_SIGNATURE_VERIFICATION_FAILED” HOT 1
- Can't run the script on chrome-extension:// page. HOT 1
- Is it possible to add items straight to the context menu and not into the submenu? HOT 3
- Cannot rename main node (Custom Menu) to something else in EDGE (works in Google) HOT 3
- Manage permissions dialog is not working HOT 2
- Project abandoned or in development HOT 7
- Bug: Cannot view or edit submenu HOT 1
- Is it possible the use the current tab url in the link settings? HOT 2
- add text to the context menu that when you click on the text it adds it to the form text box HOT 5
- Get text from the CRM item clicked HOT 18
- addon hijacks .js file links HOT 11
- image right click HOT 2
- How to use CRM Keyboard Shortcut in extension shortcuts HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from customrightclickmenu.