52

Html FIle Disable drop paste in HTML input fields..

Md Q Zaki
  • 3
  • 2
Adam Matan
  • 128,757
  • 147
  • 397
  • 562
  • Copy and paste works on that site, in chrome anyway. – MrCode Oct 09 '12 at 18:12
  • 1
    it barely improves security, as you can just look at the source, and the method to do this differs across browsers. – Josiah Hester Oct 09 '12 at 18:13
  • 39
    It improves security in that it annoys users to the point where they just don't bother using the site anymore. – DA. Oct 09 '12 at 18:19
  • 9
    It does not improve security (rather the opposite as it encourages easy to type passwords) and is sometimes used in confirmation fields where the user has to repeat previous input to prevent copy and paste of typos. In reality it just makes the user's life harder, especially if they want to copy/paste secure random passwords/codes from a password manager. For chrome there is a great extension which prevents this nonsense. Search for 'Chrome dont f with paste'. – timm Sep 19 '16 at 15:29
  • Thank you @timm for the tip. I use a password manager and 28 character gibberish passwords and just got a new credit card and the bank F'ed with Paste! I tried manually entering the value in the code inspector on Brave but their script outwitted me. But that extension outwitted them. – Milton Feb 14 '20 at 15:56
  • To workaround obnoxious sites using this technique, use Chrome Extension [Don't F*ck With Paste](https://chrome.google.com/webstore/detail/dont-fuck-with-paste/nkgllhigpcljnhoakjkgaieabnkmgdkb) – serega Jan 12 '22 at 11:31

1 Answers1

122

You can disable paste in your input as follows:

html:

<input type="text" value="" id="myInput">

javascript:

window.onload = () => {
 const myInput = document.getElementById('myInput');
 myInput.onpaste = e => e.preventDefault();
}

Talking about security, I wouldn't say that this makes any impact. You would usually use client side and well as server-side validation of data submitted by the user.

Community
  • 1
  • 1
Ilya Sidorovich
  • 1,530
  • 1
  • 13
  • 15
  • 7
    It does improve security process, just not directly In particular, for when confirming a PIN or password If the user mistyped the first time, pasting in the same info means they now don't know their own PIN -> hence cost and time having to reset it again. More broadly, obviously need to do all normal validation ... – user3600150 Mar 30 '16 at 12:33
  • +1 for direct, clear answer and *optional* warning (unlike other users (not here!) who start endless discussions without giving an answer). PS: This does not has to have to do something with security. Disableing pasting can be helpful to prevent users copy & pasting WRONG data, like an email address - this is for users benefits (I had this situation with one of our big bussines customers whos users WANTED not to be able to accidentally paste wrong info). – StanE Jun 18 '16 at 14:56
  • How to disable this on client side through the Chrome Developer Tools? – Carmageddon Jun 14 '17 at 04:54
  • 7
    @StanE: this prevents users pasting wrong data, but this also prevents users pasting correct data. I use a password manager and let it generate a very strong password. I then copy/paste it, as it would take forever to type it correctly, with all the special characters. – user276648 Jul 18 '17 at 03:20
  • 27
    Preventing copy and paste is silly, it has ZERO effect on security and also compounds the issues of using password manager created strong passwords in some instance. – Jammer Jul 31 '17 at 09:45
  • 24
    This does not increase security, it decreases security, because it makes people less likely to use strong passwords and a password manager. – vy32 Jul 04 '18 at 13:03
  • In the developer tools, you can create or edit the value property and paste whatever you want: `value="paste_here"` – Sandy Apr 22 '19 at 21:05
  • 1
    Disabling pasting also makes the user vulnerable to keyloggers. – SVD Nov 27 '19 at 18:08
  • This was useful for me for a totally non-security related reason (stopping users from faking data entry when they're supposed to be scanning barcodes) - glad the question was answered directly without opinion on use-case. – MrRobboto Jan 01 '20 at 00:48
  • To workaround obnoxious sites using this technique, use Chrome Extension [Don't F*ck With Paste](https://chrome.google.com/webstore/detail/dont-fuck-with-paste/nkgllhigpcljnhoakjkgaieabnkmgdkb) – serega Jan 12 '22 at 11:30