NoScript and clipboard manipulation

[November]

In NoScript is present, or will be in the future, a function to disable clipboard manipulation?
A feature that prohibits dom.event.clipboardevents.
To forbid the clipboard manipulation to the domains allowed (domains in the whitelist).

Thanks.

[Thrawn]

NoScript can already control rich-text clipboard operations for trusted sites - but why do you want to control all clipboard operations? Do you really trust these sites?

[November]

I was referring to the function of this add-on.

https://addons.mozilla.org/it/firefox/a ... copypaste/

This extension disables copy, paste and cut events for web pages. This way web pages can no longer use oncopy or onpaste handlers to learn what you are copying or pasting, they won't even know that you do it at all. And they won't be able to interfere to push unwanted content to your clipboard when you copy text.

Without this add-on but with NoScript.
With NoScript when all the page is allowed (permanently or temporary).

[Thrawn]

It doesn't sound like you really trust those pages, so maybe they shouldn't be whitelisted.

I'd suggest continuing to use the other addon. Unless it's incompatible with NoScript?

[November]

I do not trust these pages!

I would like to:
dom.event.clipboardevents.enabled = false

I ask if: it is possible to manage this function with NoScript?

Not incompatible with NoScript. But, to use only NoScript.

[Thrawn]

Well, if you don't trust pages, you should just leave them blocked. By default, NoScript will block all JavaScript, related to the clipboard or otherwise.

If you want to whitelist a site, but still block specific JavaScript functions, then NoScript is not really the best tool for the job, which is why I suggested keeping the other addon.

You might also want to look at the Controle de Scripts addon.

[November]

I understand it.

I think the best solution for me is:
NoScript + "dom.event.clipboardevents.enabled = false"

Thanks.

[mdubash]

As the risk of hijacking this (now quiet) thread, I've got what might be the opposite problem. I use KeePass to store my passwords. It works by pasting a password into a web form's password field. However some sites (such as Vodafone) have taken to disabling pasting which they claim is a security measure.

I use long, complex passwords which are pretty secure - except when a website forces me to show it in plaintext to whoever might be looking over my shoulder in order to painfully type it into the field, so Vodafone's so-called security measure is pointless at best but that's off-topic.

What I would like is for the NoScript extension to disable the script that disables the web form's paste function. Is this possible, given that I have to whitelist Vodafone or it doesn't work?

[Giorgio Maone]

However some sites (such as Vodafone) have taken to disabling pasting which they claim is a security measure.

URL?

[mdubash]

It's a horrible site - this is the offending login page: https://www.vodafone.co.uk/myvodafone/f ... y3c4tyah_9

[access2godzilla]

Added detail: can paste in the username but not in the password.

[mdubash]

Correct. Vodafone says in its forums that this is a security measure.

[Thrawn]

This sounds like a job for surrogate scripts. However, they're not really my specialty.

Try the Quick Reference guide.

[mdubash]

Thanks - I've taken a look but I fear writing a new script is beyond my capabilities.

[LuciferBoy]

Is this possible in the current version of NoScript? I need to keep scripts enabled for a site but prevent it from manipulating the clipboard.