How can I selectively disable paste blockers

As more and more websites add paste blocking code of one type or another to e-mail and password fields and more people use password managers, the two are increasingly coming into conflict.

While there are extensions such as Don't fuck with paste for Chrome or Disable clipboard manipulations and the dom.event.clipboardevents.enabled preference^† for FireFox, all of these suffer the problem that there are legitimate reasons why websites might want to hook into onpaste (such as Google docs rich text support or Facebook's link handling) so I don't want that functionality completely disabled.

^{† Go to about:config and search for dom.event.clipboardevents.enabled then double click to toggle.}

Another option is to hack every page you find with the offending code manually, but that is a lot of hassle and doesn't work in every case (such as with this page). One suggestion of how to do this can be found on Martin Brinkmann's Paste Passwords into blocked form fields on the Internet page.

Ideally I just want to be able to say "Re-enable paste on all fields on this page" either as a button or a context menu option for the page, so is there any way to do this?

The closest thing I have found is Derek Prior's Re-enabling Password Pasting on Annoying Web Forms but this uses the same method as the manual method, so fails to work with the specific page I was having problems with, and I have no idea how many other methods might be available.

Mark Booth

Posted 2014-12-29T13:56:28.307

Reputation: 2 324

Do these sites also block the browser's (ex. firefox) built-in password saving? Maybe do whatever it does? – Xen2050 – 2014-12-29T16:35:20.043

1Don't fuck with paste does let you choose particular websites for which to disable the manipulations – Ruslan – 2019-02-07T07:56:55.893

Thanks @Ruslan, I've verified this extension does now solve my problem, and added an answer to reflect that.

– Mark Booth – 2019-07-17T15:07:55.533

Answers

It appears that since I asked this question, the original Don't fuck with paste extension by Jacob Swanner has improved a lot, and Aaron Raimist has ported it to Firefox.

Both now allow this functionality to be enabled on a per site basis, and although it doesn't automatically fix the problem on the problematic petplanet site I mentioned, manually enabling it does now fix the problem on that site.

Mark Booth

Posted 2014-12-29T13:56:28.307

Reputation: 2 324

1Thank you. This is a major pet peeve of mine. Both when signing up for accounts (I mean really, I can read my own email address, I don't need to manually type it twice thanks) and the fact that it messes with password managers is even more frustrating. – StormeHawke – 2020-01-08T15:32:57.317

Web forms which have this paste blocker feature may implement it declaratively by using the onpaste attribute for a text box or by binding an event through JavaScript or jQuery.

Contrary to what you stated, I was able to get Derek Prior's bookmarklet to work on Chrome (ver 39 on Windows) with pages that had the attributes (type="password" onPaste="return false") on the password text box

You can also try Chris Bailey's bookmarklet which breaks paste blockers implemented through JavaScript.

This is a bit of a hassle but another alternative is to disable JavaScript temporarily for that page which in turn will turn off the JavaScript paste blocker. For Chrome, the keyboard shortcut to open Dev Tools is F12, to reach the Settings panel is F1 & here you'll find the checkbox to Disable JavaScript in the General section.

enter image description here

mvark

Posted 2014-12-29T13:56:28.307

Reputation: 2 260

Thanks mvmark. Investigating further, it looks like the specific page I was having a problem with uses some other method. I have updated my question, and I think an [so] question might be needed to come up with a definitive list of possible methods, so a bookmarklet can be written which covers them all. – Mark Booth – 2014-12-30T10:41:40.760

Done: http://stackoverflow.com/q/27704355/42473

– Mark Booth – 2014-12-30T11:10:19.657

@MarkBooth In Chrome, you can disable JavaScript temporarily for that page which will in turn will turn off the JavaScript paste blocker with the F12 - F1 shortcut. Pls see my updated answer above. – mvark – 2014-12-30T13:53:59.203

Thanks mvark, that's a great workaround for Chrome. For Firefox I have installed Disable clipboard manipulations and Pinned the Add-ons Manager so it is easy to enable or disable.

– Mark Booth – 2014-12-31T01:31:46.720

Your second link to Derek Prior is a 404 now. – AnnanFay – 2018-06-09T15:36:05.223

@annan updated dead link with archived article link https://web.archive.org/web/20170908125754/http://prioritized.net/blog/re-enabling-password-pasting-on-annoying-web-forms/

– mvark – 2018-06-10T06:00:51.353

For pages that use jquery (basically all webpages). You can paste the following javascript url into the address bar

javascript:void($('input').attr('onpaste', ''));

Att Righ

Posted 2014-12-29T13:56:28.307

Reputation: 273

1.--- This may make the problem go away for at least a few sites: COMPLAIN, and let these websites know that they are DESTROYING, not enhancing security for their users. Maybe they just haven't thought it through....

Here's the text I just copied from Chris Bailey's blog that has his bookmarklet. (Hint: Keep this in your bookmarks).
--> I'd suggest you could send PART of the following to any site that needs to be re-educated:

Re-enabling Password Pasting on Annoying Web Forms (v2)

Security is not to be taken lightly so in recent days I’ve become increasingly frustrated by the insistance of some companies to disable the facility to paste passwords into login forms. Rather then increase security, this cripples those of us using password managers such as KeePass, [LastPass], or 1Password, as the nice long randomly-generated passwords cannot be simply pasted into the password field. Instead users are forced to manually type in passwords which will promote the use of shorter passwords (and thereby weaken security).

I've found this occurring on companies such as Apple, Vodafone and Nestlé.

Thankfully I've found a solution in the form of a bookmarklet. The original idea came from the blog posting Re-enabling Password Pasting on Annoying Web Forms by Derek Prior. Unfortunately his method simply removes the onpaste attribute directly but this doesn't work if the web site is using an event handling framework such as jQuery. I've taken Derek’s original code and modified it to work better with these frameworks.

2.--> Try Chris's bookmarklet available here, but only in Chrome, Opera, or Vivaldi when the page is NOT using JQuery:

3.--> Ask someone to write a comprehensive plugin for all browsers. To get started, here are his comments and source reference from Chris's page:

To use the bookmarklet, drag the following link to your browser’s bookmark bar.

Compatibility Note: The bookmarklet only works in Chrome and Safari due to the difficulty of reading clipboard data in Firefox. It could easily be extended to include IE although I don’t have access to a Windows system to test this. There are other solutions to this problem in the form of chrome extensions (e.g. Paste ITC Password & Allow Paste into fields text although I’ve not tested them) and I would assume similar addons are available for the other browsers. Personally I like the simplicity of the bookmarklet. The code is hosted on pastebin if you want to play with it:
(ED: And his source is also listed below this excerpt, on his linked page.)

DaaBoss

Posted 2014-12-29T13:56:28.307

Reputation: 1 931

Please note some browsers silently remove the javascript: part of the code. So make sure the code in the address bar is exactly as the ones below (type manually javascript:) otherwise it won't work

For the specific website you've mentioned in your question use the following code

javascript:void($('#pwd, #pwd2').unbind('paste'));

For almost all the other websites paste the following JavaScript code into the address bar

javascript:void(document.querySelectorAll("input").forEach(function(element){element.setAttribute("onpaste","")}));

Tomas Echeverri Valencia

Posted 2014-12-29T13:56:28.307

Reputation: 21

Did you try your suggestion on the page I had a problem with? I just did and it still pops up a "Please type your password" dialog when you try to paste into the password field.

– Mark Booth – 2019-07-17T14:42:01.847

For that site specifically, use the following code javascript:void($('#pwd, #pwd2').unbind('paste')); – Tomas Echeverri Valencia – 2019-07-17T16:30:07.150

I've updated the answer with the snippet (previous comment above) that works for that specific website. But it won't probably work anywhere else – Tomas Echeverri Valencia – 2019-07-17T16:38:16.593

Chrome removes the javascript: part of the code you paste in the address bar You need to make sure the snippet you run is exactly as the one I share above otherwise it won't work – Tomas Echeverri Valencia – 2019-07-17T17:49:59.710

You could also run the code as a bookmarklet

– Tomas Echeverri Valencia – 2019-07-17T17:52:28.317

Ok, that works. Copy the text and the javascript: is there, paste it into the address bar and Firefox silently removes it. If you do ;<Ctrl>+V<Home><Del> rather than just <Ctrl>+V then it pastes correctly. You may want to add notes about these little foibles to your answer. – Mark Booth – 2019-07-17T17:56:27.847

1I've updated the answer so people know the need to manually add javascript: when pasting into the address bar – Tomas Echeverri Valencia – 2019-07-17T18:15:30.073

This is a terrible security "feature" of these websites. There are various ways to get around it, including using that extension. However there's a quick way to fix it:

Right click on the offending input field, go to "inspect element", go to the event listeners, and look for the "paste" event. Remove any paste listeners. Hit paste. Done. And do complain to the site owners, although obviously the most guilty sites are things like major banks, which will not listen to anything.

user2959589

Posted 2014-12-29T13:56:28.307

Reputation: 101