Untrusted applet/copy conundrum

Discussion in 'Java' started by Andrew Thompson, Jul 29, 2006.

  1. Can an untrusted applet provide 'Ctrl C' copy ability
    for text fields?

    I thought not, but my results are confusing, at best.

    Further details (with applet, links to code
    and JWS launch, notes..) here.
    <http://www.physci.org/test/applet/001/>

    Andrew T.
    Andrew Thompson, Jul 29, 2006
    #1
    1. Advertising

  2. Andrew Thompson wrote:
    > Can an untrusted applet provide 'Ctrl C' copy ability
    > for text fields?
    >
    > I thought not, but my results are confusing, at best.
    >
    > Further details (with applet, links to code
    > and JWS launch, notes..) here.
    > <http://www.physci.org/test/applet/001/>
    >
    > Andrew T.
    >


    Andrew:

    I'm currently running 1.6.0beta2 on a WinXP machine running Firefox
    1.5.0.5 and I can cut, copy, and paste every which way. I tried both
    your JApplet and my own test code using Applet and JApplet. I tried
    your code with IE 6 as well and it worked fine. The really interesting
    thing is that in an Applet, the TextField has a popup menu with Undo,
    Cut, Copy, Paste and SelectAll which must be a function of it's Windows
    peer.

    --

    Knute Johnson
    email s/nospam/knute/
    Knute Johnson, Jul 29, 2006
    #2
    1. Advertising

  3. Knute Johnson wrote:
    > Andrew Thompson wrote:
    > > Can an untrusted applet provide 'Ctrl C' copy ability
    > > for text fields?

    ....
    > I'm currently running 1.6.0beta2 on a WinXP machine running Firefox
    > 1.5.0.5 and I can cut, copy, and paste every which way. ...

    (snip further details)

    Thanks for the report. More data to mull over.

    Andrew T.
    Andrew Thompson, Jul 29, 2006
    #3
  4. Andrew Thompson wrote:
    > Can an untrusted applet provide 'Ctrl C' copy ability
    > for text fields?
    >
    > I thought not, but my results are confusing, at best.


    I was under the impression that AWT TextFields could (by nature of their
    native nature) and Swing JTextFields could not. As you have found out
    this is not the case.

    At some point it has been hacked around. What happens is this:

    When you the Toolkit generates an event that may represent a copy &
    paste action (^X, ^C, ^V, shift-insert, control-insert, middle button,
    or whatever) that even is marked as a C&P event in a hidden field. You
    cannot create an event like this, and I believe it gets clobbered after
    returning from the dispatch. So you can't create or usefully collect one
    of these events and the post it to the event queue.

    The C&P event handling code checks that there is no user code on the
    stack (a highly dubious check, IMO). It checks and clears the hidden
    field. If everything is okay, it goes ahead with the action. This stops
    you rerouting the event.

    What isn't checked is that the text field is actually displaying
    anything like a text field. If you were determined, you could make
    middle button clicks common in your user interface for non-C&P actions,
    or appear to be using C&P internally but actually sneaking a peak at the
    system clipboard while faking.

    Tom Hawtin
    Thomas Hawtin, Jul 29, 2006
    #4
  5. Thomas Hawtin wrote:
    > Andrew Thompson wrote:
    > > Can an untrusted applet provide 'Ctrl C' copy ability
    > > for text fields?
    > >
    > > I thought not, but my results are confusing, at best.

    >
    > I was under the impression that AWT TextFields could (by nature of their
    > native nature)


    Right! Yeah, I forgot that detail. It is not of major
    relevance to the Swing problem directly, but it may
    well provide a solution fo the OP on the original
    thread on c.l.j.help, if the Swing copy functionality
    turns out to be unsuited to his end user requirement.

    Thanks for reminding me.

    >...and Swing JTextFields could not. As you have found out
    > this is not the case.

    (...snip..)

    Yeah.. it is very odd. Or rather, it will probably seem
    very less odd after I get a chance to digest your analysis,
    ...but right now, I'm off to bed.

    Thanks for your input.

    Andrew T.
    Andrew Thompson, Jul 29, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Logu

    Re;Untrusted Webserver

    Logu, Jul 23, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    427
  2. Mark Stokes
    Replies:
    0
    Views:
    310
    Mark Stokes
    Apr 15, 2004
  3. Jakekeke
    Replies:
    3
    Views:
    6,415
    Sebastian Hentschel
    Jan 18, 2005
  4. Alex
    Replies:
    2
    Views:
    1,223
  5. Replies:
    26
    Views:
    2,113
    Roland Pibinger
    Sep 1, 2006
Loading...

Share This Page