Why do websites prevent pasting via onpaste="return false;"
Why do websites do this? Isn't it trivial for bots etc to easily side-step any protection this might give? Or is it just to make people "double-check" their inputs? I find it completely maddening because I would assume I'm way more likely to correctly input a copy-pasted e.g. routing or account number than if I have to manually enter anything. Can we just agree this is terrible UI and is probably detrimental to correct data entry? What am I missing? In frustration I even sometimes open the dev tools and remove this attribute on elements out of spite.
4 comments
[ 309 ms ] story [ 485 ms ] threadIt is, but they had some "checklist" that included "block paste" for reasons unknown, and so they blocked pasting.
In firefox, if you change the about:config setting "dom.event.clipboardevents.enabled" to false you'll be able to paste no matter whether the website operator has "block paste" on their braindead checklist or not.
However, I have noticed that, on some fields, the field rejects certain input without any message if the input is not the correct intended field type. For example, copying a numeric one time password from an email which gets copied as string and pasting on a field which only accepts numbers. This might look like paste blocking but its not.