Heh. this reminded me some libreoffice bugs i track. One is to have plain text copy paste be the default. The other is to completely disable selected text dragging.
There's a large number of people who likes both of these features. Go figure.
It's tangential to the article, but I've found it's been really helpful to have dedicated copy and paste buttons on the left hand. On Linux the highlight and middle click is nice, but not every application can be selected (like split windows in tmux) and the buffers don't always match between applications (like Firefox and something else). But I've found Ctrl+Insert and Shift+Insert works practically without fail everywhere. I have a programmable keyboard so made macros for those two commands and mapped them to keys on the non-mouse hand (extra thumb keys on an ergodox, not bad to lift the hand a little to reach them). Works great! For something so universal as copying text it would make sense to have dedicated keys for them on many keyboards, like volume up or down.
In a barely related subject, does anybody knows a good clipboard manager (e.g. multiple copy + paste) for mac that supports both text and images? (like Ditto on Windows)
The ability of Javascript to alter the "copy" contents is, like the ability to disable zoom, something that's nearly always used against the user and the usability and accessibility of the site. Such as appending disclaimers and copyright notices to strings.
The problem is that the same medium (HTML) is used for "documents" and "applications". Programmatic access to clipboard, zoom etc is legitimate for "HTML applications" like Google Docs/Maps but unnecessary for "HTML documents", along with virtually all scripting.
Except that the ability to copy is extremely useful.
And creating more popup-approval fatigue doesn't help anyone.
You are a super-user, so it might be the git clone URL of a really long commit. That "click to copy" button on github is really useful.
The same scenario exists from Grandma, and she will click the popup or give up in frustration - neither of which is good.
IMO, sites should be able to have access to the copy buffer but not to the paste. Paste should be available to the user with ctrl+P. Definitely not perfect, but more mitigable.
I don't think the putative Grandma has much need for copy-and-paste functionality from websites.
And yes, there would be fatigue, and me-the-super-user would globally block those popups from coming up. It's honestly not worth it. I would miss it maybe once a month, which is about how often I get annoyed by something messing with it.
Maybe a middle ground would be allowing websites to _insert_ things into the buffer, but not _modifying_ the buffer. (Though of course, they could just inspect what's highlighted on the page, and then flat out insert that plus their garbage, except I'd argue that I don't think they need to know what I've got highlighted, then you'd point out that that would break Google Docs, and I'd suggest another popup, and you'd say that Grandma can't handle the fatigue, etc., etc.)
I'd quite like to see a three-way partition between "dumb document" (DOM frozen after load, possibly no processing at all), "smart document" (DOM APIs only, possibly plus classical HTML form submission), and "actual application". Ideally with a way of telling which is which before loading it. I don't realistically expect this to happen.
The stupid thing about AMP is that it's trying to push sites back into the "document" box, but only so that they can be monetized more effectively by Google...
I recently had to download an image attachment from Gmail. The download button didn't work and the context menu (the proper route for saving an image) had been disabled. I had to go into Dev tools to get it.
Funny to see this. Just yesterday, I copied some selected text from a browser, and pasted into a terminal - big mistake.
The clipboard contained junk (basically advertising) with numerous new lines. Fortunately, none of it did anything, but it was a good learning experience that I cannot trust the browser to copy the selected text as is.
The very annoying thing was that the text was copied from a website with code snippets, in this specific case, some terminal commands to run. And they hijacked the clipboard so the commands are corrupted when copied and pasted. That's so asinine..
Allowing client-side JavaScript to alter clipboard content like this is a security vulnerability. What if a page suggested copying and pasting some text in a terminal, then replaced the clipboard contents with arbitrary commands.
I can imagine some exceptions, like "Copy to clipboard" functionality, but there's gotta be a reasonable solution.
Now that I know about this vulnerability, I have to copy & paste anything into an editor first, to make sure that it's what I actually selected and copied.
The related issue most irritating for me is that google search makes the URL hover claim one destination but when you click the click itself rewrites the URL to funnel through their tracking service.
This is an extremely dangerous attack vector which google is abusing to compromise user privacy (but fortunately, not worse). There was a firefox bug open on this for years but it seems like Mozilla really didn't want to break their big sponsor's analytics. ( https://bugzilla.mozilla.org/show_bug.cgi?id=229050 )
I find it extremely annoying because I often search for PDFs to answer questions for people and if I click the link it pops up in an external viewer and I get no opportunity to copy a url. Unfortunately the right-click to copy also triggers the onclick handler to add the google tracking spam, causing me to copy an extremely long and chat-unfriendly URL.
I know. You have to set the browser to ask what to do for every download. Then you download the PDF. After that go to "downloads" and right-click and select "copy source URL" or something like that.
That's the only way I've found to get the real URL.
Some sites make you download the PDF instead of showing it in the browser. The new tab opens and closes immediately after fetching the URL, so you don't get to see the URL in the bar. If the browser is set to open files with known editors, it will be downloaded and opened (and I can't recall if the PDF is still in the download list in the browser).
31 comments
[ 3.9 ms ] story [ 43.9 ms ] threadThere's a large number of people who likes both of these features. Go figure.
[1]: https://news.ycombinator.com/item?id=22569662
https://github.com/p0deje/Maccy
And creating more popup-approval fatigue doesn't help anyone.
You are a super-user, so it might be the git clone URL of a really long commit. That "click to copy" button on github is really useful.
The same scenario exists from Grandma, and she will click the popup or give up in frustration - neither of which is good.
IMO, sites should be able to have access to the copy buffer but not to the paste. Paste should be available to the user with ctrl+P. Definitely not perfect, but more mitigable.
And yes, there would be fatigue, and me-the-super-user would globally block those popups from coming up. It's honestly not worth it. I would miss it maybe once a month, which is about how often I get annoyed by something messing with it.
Maybe a middle ground would be allowing websites to _insert_ things into the buffer, but not _modifying_ the buffer. (Though of course, they could just inspect what's highlighted on the page, and then flat out insert that plus their garbage, except I'd argue that I don't think they need to know what I've got highlighted, then you'd point out that that would break Google Docs, and I'd suggest another popup, and you'd say that Grandma can't handle the fatigue, etc., etc.)
The stupid thing about AMP is that it's trying to push sites back into the "document" box, but only so that they can be monetized more effectively by Google...
Allow Gmail to run as an application in your browser?
[Deny] [Allow] [Always Allow]
The internet is broken.
The clipboard contained junk (basically advertising) with numerous new lines. Fortunately, none of it did anything, but it was a good learning experience that I cannot trust the browser to copy the selected text as is.
The very annoying thing was that the text was copied from a website with code snippets, in this specific case, some terminal commands to run. And they hijacked the clipboard so the commands are corrupted when copied and pasted. That's so asinine..
Allowing client-side JavaScript to alter clipboard content like this is a security vulnerability. What if a page suggested copying and pasting some text in a terminal, then replaced the clipboard contents with arbitrary commands.
I can imagine some exceptions, like "Copy to clipboard" functionality, but there's gotta be a reasonable solution.
Now that I know about this vulnerability, I have to copy & paste anything into an editor first, to make sure that it's what I actually selected and copied.
This is an extremely dangerous attack vector which google is abusing to compromise user privacy (but fortunately, not worse). There was a firefox bug open on this for years but it seems like Mozilla really didn't want to break their big sponsor's analytics. ( https://bugzilla.mozilla.org/show_bug.cgi?id=229050 )
I find it extremely annoying because I often search for PDFs to answer questions for people and if I click the link it pops up in an external viewer and I get no opportunity to copy a url. Unfortunately the right-click to copy also triggers the onclick handler to add the google tracking spam, causing me to copy an extremely long and chat-unfriendly URL.
That's the only way I've found to get the real URL.
Edit: I work with datasheets. The following link forces me to download the PDF: https://www.st.com/resource/en/datasheet/stm32f103rc.pdf
This does not: https://www.mouser.it/datasheet/2/389/stm32f103rg-1851026.pd...
Don't ask me why....
If you have any questions, please let me know.