Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Paste (context menu) does not work in security based edge cases #672

Closed
bgareth opened this issue Feb 14, 2025 · 4 comments
Closed

Paste (context menu) does not work in security based edge cases #672

bgareth opened this issue Feb 14, 2025 · 4 comments

Comments

@bgareth
Copy link
Contributor

bgareth commented Feb 14, 2025

Is your feature request related to a problem? Please describe.
When using the context menu to "Paste", it required read permissions from the computer clipboard. If the library is used within an iFrame or environment that excludes this permission due to security considerations, the action will result in an error in the console and nothing happens in the sheet.

Describe the solution you'd like
Use localCopyData as fallback. When copying, in addition to the current logic, store the data in sessionStorage. When pasting and reading from the clipboard, include a fallback to use the data stored in sessionStorage, allowing for a secure way to maintain functionality in the case of limited clipboard permissions.

Describe alternatives you've considered

  • localStoragecould be used in place of sessionStorage, but is slightly less secure which goes against the "target audience" of this fix.
  • localCopyData could be stored in context instead, allowing for potential future uses.

Additional context
This should not impact the original logic / functionality, but only solve the potential issues in the above edge cases.
@bgareth
Copy link
Contributor Author

bgareth commented Feb 14, 2025

I will look in to fixing this if contributors / maintainers are happy.
@sanchit3008

@bgareth bgareth mentioned this issue Feb 14, 2025
Merged
@bgareth
Copy link
Contributor Author

bgareth commented Feb 14, 2025

Potential PR: #673

@sanchit3008
Copy link
Collaborator

hi @bgareth, thanks for the pr. i am wondering in what setups this might be useful other than an iframe. from what i see, components inside an iframe can access the clipboard data with the right perms. (reference). do you think this will solve the use case you submitted a pr for?

@bgareth
Copy link
Contributor Author

bgareth commented Feb 17, 2025

hi @bgareth, thanks for the pr. i am wondering in what setups this might be useful other than an iframe. from what i see, components inside an iframe can access the clipboard data with the right perms. (reference). do you think this will solve the use case you submitted a pr for?

Yes, @sanchit3008 , adding permissions to the iframe does work. However, this submission is to maintain functionality in cases where the iframe or the user does not allow clipboard access (due to security or other reasons).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sanchit3008 @bgareth