57

As more and more websites add paste blocking code of one type or another to e-mail and password fields and more people use password managers, the two are increasingly coming into conflict.

While there are extensions such as Don't fuck with paste for Chrome or Disable clipboard manipulations and the dom.event.clipboardevents.enabled preference for Firefox, all of these suffer from the problem that there are legitimate reasons why websites might want to hook into onpaste (such as Google Docs rich text support or Facebook's link handling), so I don't want that functionality completely disabled.

† Go to about:config and search for dom.event.clipboardevents.enabled then double click to toggle.

Another option is to hack every page you find with the offending code manually, but that is a lot of hassle and doesn't work in every case (such as with this page). One suggestion of how to do this can be found on Martin Brinkmann's Paste Passwords into blocked form fields on the Internet page.

Ideally I just want to be able to say "Re-enable paste on all fields on this page" either as a button or a context menu option for the page, so is there any way to do this?

The closest thing I have found is Derek Prior's Re-enabling Password Pasting on Annoying Web Forms but this uses the same method as the manual method, so fails to work with the specific page I was having problems with, and I have no idea how many other methods might be available.

Mark Booth

7 Answers

12

Web forms which have this paste blocker feature may implement it declaratively by using the onpaste attribute for a text box or by binding an event through JavaScript or jQuery.

Contrary to what you stated, I was able to get Derek Prior's bookmarklet to work on Chrome (ver 39 on Windows) with pages that had the attributes (type="password" onPaste="return false") on the password text box

You can also try Chris Bailey's bookmarklet which breaks paste blockers implemented through JavaScript.

This is a bit of a hassle but another alternative is to disable JavaScript temporarily for that page which in turn will turn off the JavaScript paste blocker. For Chrome, the keyboard shortcut to open Dev Tools is F12, to reach the Settings panel is F1 & here you'll find the checkbox to Disable JavaScript in the General section.


mvark
9

For pages that use jQuery (basically all webpages), you can paste the following JavaScript URL into the address bar:

javascript:void($('input').attr('onpaste', ''));
Att Righ
4

1.--- This may make the problem go away for at least a few sites: COMPLAIN, and let these websites know that they are DESTROYING, not enhancing security for their users. Maybe they just haven't thought it through....

Here's the text I just copied from Chris Bailey's blog that has his bookmarklet. (Hint: Keep this in your bookmarks).
--> I'd suggest you could send PART of the following to any site that needs to be re-educated:

Re-enabling Password Pasting on Annoying Web Forms (v2)

Security is not to be taken lightly so in recent days I’ve become increasingly frustrated by the insistence of some companies to disable the facility to paste passwords into login forms. Rather than increase security, this cripples those of us using password managers such as KeePass, LastPass, or 1Password, as the nice long randomly-generated passwords cannot be simply pasted into the password field. Instead users are forced to manually type in passwords which will promote the use of shorter passwords (and thereby weaken security).

I've found this occurring on companies such as Apple, Vodafone and Nestlé.

Thankfully I've found a solution in the form of a bookmarklet. The original idea came from the blog posting Re-enabling Password Pasting on Annoying Web Forms by Derek Prior. Unfortunately his method simply removes the onpaste attribute directly but this doesn't work if the web site is using an event handling framework such as jQuery. I've taken Derek’s original code and modified it to work better with these frameworks.

2.--> Try Chris's bookmarklet available here, but only in Chrome, Opera, or Vivaldi when the page is NOT using jQuery:

3.--> Ask someone to write a comprehensive plugin for all browsers. To get started, here are his comments and source reference from Chris's page:

To use the bookmarklet, drag the following link to your browser’s bookmark bar.

Compatibility Note: The bookmarklet only works in Chrome and Safari due to the difficulty of reading clipboard data in Firefox. It could easily be extended to include IE although I don’t have access to a Windows system to test this. There are other solutions to this problem in the form of chrome extensions (e.g. Paste ITC Password & Allow Paste into fields text although I’ve not tested them) and I would assume similar addons are available for the other browsers. Personally I like the simplicity of the bookmarklet. The code is hosted on pastebin if you want to play with it:
(ED: And his source is also listed below this excerpt, on his linked page.)

DaaBoss
4

It appears that since I asked this question, the original Don't fuck with paste extension by Jacob Swanner has improved a lot, and Aaron Raimist has ported it to Firefox.

Both now allow this functionality to be enabled on a per site basis, and although it doesn't automatically fix the problem on the problematic petplanet site I mentioned, manually enabling it does now fix the problem on that site.

Mark Booth
3

Please note that some browsers silently remove the javascript: part of the code, so make sure the code in the address bar is exactly as shown below (type javascript: manually), otherwise it won't work.

For the specific website you've mentioned in your question use the following code

javascript:void($('#pwd, #pwd2').unbind('paste'));

For almost all the other websites paste the following JavaScript code into the address bar

javascript:void(document.querySelectorAll("input").forEach(function(element){element.setAttribute("onpaste","")}));
1

This is a terrible security "feature" of these websites. There are various ways to get around it, including using that extension. However there's a quick way to fix it:

Right click on the offending input field, go to "inspect element", go to the event listeners, and look for the "paste" event. Remove any paste listeners. Hit paste. Done. And do complain to the site owners, although obviously the most guilty sites are things like major banks, which will not listen to anything.

user2959589
1

For me, all the methods mentioned here did not work; finally I found the "Simple Allow Copy" Chrome extension, which works.

Do not forget to limit the access only for the sites you are intending to use it for!!! Otherwise you are opening one more backdoor to your privacy.

chrome://extensions/ | Simple Allow Copy | Site access Allow this extension to read and change all your data on websites you visit: On specific sites:


Then pin the icon to the extension icon area in the top right corner and click on its icon to activate it for the webpage.
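
The two blocking mechanisms discussed in the answers above (an inline onpaste attribute versus handlers bound through JavaScript or jQuery) and the per-site scoping the question asks for, combined in one user-script-style function. This is an added example, not code from any answer, bookmarklet or extension mentioned on this page; the hostnames and the names reenablePaste, shieldPaste and PASTE_ALLOWED_HOSTS are assumptions made for illustration.

```javascript
// Added example. Hostnames are constructed placeholders, not real sites.
const PASTE_ALLOWED_HOSTS = new Set(['shop.example', 'bank.example']);

// Swallow the event before any page listener sees it, but leave the
// browser's default action (the actual paste) untouched.
function shieldPaste(event) {
  event.stopImmediatePropagation();
  // Deliberately no preventDefault(): that is what the blockers call.
}

// Returns a summary so the caller can see what was changed.
function reenablePaste(doc, hostname, allowedHosts = PASTE_ALLOWED_HOSTS) {
  // Per-site scoping: pages with legitimate paste hooks (rich-text
  // editors, link handling) are left alone unless explicitly listed.
  if (!allowedHosts.has(hostname)) {
    return { active: false, inlineHandlersRemoved: 0 };
  }

  // Mechanism 1: declarative blockers, e.g. <input onpaste="return false">.
  // The shield below already pre-empts these; removing the attribute
  // mirrors what the attribute-stripping bookmarklets do.
  let removed = 0;
  for (const el of doc.querySelectorAll('[onpaste]')) {
    el.removeAttribute('onpaste');
    removed += 1;
  }

  // Mechanism 2: handlers bound with addEventListener or jQuery.
  // Page script cannot enumerate them, so register a capture-phase
  // listener at the top of the tree instead; it runs before listeners
  // on the input itself and before anything in the bubbling phase.
  // Caveat: a page listener registered earlier in the capture phase on
  // the same target would still run first.
  const top = doc.defaultView || doc;
  top.addEventListener('paste', shieldPaste, true);

  return { active: true, inlineHandlersRemoved: removed };
}

// In a browser (user script or bookmarklet body), apply to this page.
if (typeof document !== 'undefined') {
  reenablePaste(document, location.hostname);
}
```

Because the allowlist check comes first, a page that is not listed keeps all of its own paste handling.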