Clipboard access using Javascript - sans Flash?

Question

Is there a reliable way to access the client machine\'s clipboard using Javascript? I continue to run into permissions issues when attempting to do this. How does Google D

Answer 1

Forget pure JS.

There is no standard API for accessing the clipboard, and few browsers implement a propriety method.

Flash is the 'standard' method.

Answer 2

http://www.rodsdot.com/ee/cross_browser_clipboard_copy_with_pop_over_message.asp implements the ZeroClipboard flash object correctly and is cross browser. It also discusses the potential problems with ZeroClipboard and possible work-arounds. Also compatible with Flash 10+.

Answer 3

Since this is a big security risk, all browsers that care about safety don't allow JS to access the clipboard.

The main reason is that many people put their passwords into a text file and then use cut&paste to login. Crackers could then collect the password (and possibly other private information like the word document which you just copied) from the clipboard by cracking a popular site and installing some JS that sends them the content of the clipboard.

Which is why I have flash disabled all the time.

Answer 4

No, not in FF and Chrome. It works in IE (not sure about 7 and 8, but definitively 6), and from Flash. That is why Flash is always used.

Answer 5

It was clear this issue, but I still have doubts because there is the option to do this in javascript and another thing is for windows forms it is totally possible to do using the command

Clipboard.Clear()

Ref: System.Windows.Forms

Any malicious software that can do well.

Answer 6

You're looking for the execCommand function, at least the best I can tell. Here are some resources: Insert text in Javascript contenteditable div http://www.java2s.com/Code/JavaScriptReference/Javascript-Methods/execCommandisappliedto.htm

Unfortunately, this runs into the same security loophole that Flash sealed in Flash 9. Since people were spamming the clipboard, the clipboard is now only accessible through direct user interaction, and honestly, it is better that way. And I'll wager that most browsers have similar (if not stricter policies).