I had a fascinating email sent to me the other day that shows how one could develop a web page that could access the clipboard of an IE user. Try copying some text into you clipboard and if you navigate to this site with IE it will access the text in the clip board and display it on the page. Pretty scary!!

While this feature is based on client scripting it is obvious that this exploit could be used to snag various things from your clipboard (maybe passwords) and send them back to a server via JSON, AJAX, POST etc.

I am not a JavaScript expert but I think the following would do the trick:

var content = clipboardData.getData("Text")

Turning off the feature is pretty simple (IE 7):

    1. Go to Internet Options and select the Security tab.
    2. Click custom level
    3. Select disable under Allow Programmatic clipboard access.

Technorati tags: