As more and more websites add paste blocking code of one type or another to e-mail and password fields and more people use password managers, the two are increasingly coming into conflict.
While there are extensions such as Don’t fuck with paste for Chrome or Disable clipboard manipulations and the
dom.event.clipboardevents.enabled preference† for FireFox, all of these suffer the problem that there are legitimate reasons why websites might want to hook into
onpaste (such as Google docs rich text support or Facebook’s link handling) so I don’t want that functionality completely disabled.
† Go to
about:config and search for
dom.event.clipboardevents.enabled then double click to toggle.
Another option is to hack every page you find with the offending code manually, but that is a lot of hassle and doesn’t work in every case (such as with this page). One suggestion of how to do this can be found on Martin Brinkmann’s Paste Passwords into blocked form fields on the Internet page.
Ideally I just want to be able to say “Re-enable paste on all fields on this page” either as a button or a context menu option for the page, so is there any way to do this?
The closest thing I have found is Derek Prior’s Re-enabling Password Pasting on Annoying Web Forms but this uses the same method as the manual method, so fails to work with the specific page I was having problems with, and I have no idea how many other methods might be available.
Contrary to what you stated, I was able to get Derek Prior’s bookmarklet to work on Chrome (ver 39 on Windows) with pages that had the attributes (type=”password” onPaste=”return false”) on the password text box
1.— This may make the problem go away for at least a few sites:
COMPLAIN, and let these websites know that they are DESTROYING, not enhancing security for their users. Maybe they just haven’t thought it through….
Here’s the text I just copied from Chris Bailey’s blog that has his bookmarklet. (Hint: Keep this in your bookmarks).
–> I’d suggest you could send PART of the following to any site that needs to be re-educated:
Re-enabling Password Pasting on Annoying Web Forms (v2)
Security is not to be taken lightly so in recent days I’ve become
increasingly frustrated by the insistance of some companies to disable
the facility to paste passwords into login forms. Rather then increase
security, this cripples those of us using password managers such as
KeePass, [LastPass], or 1Password, as the nice long randomly-generated passwords
cannot be simply pasted into the password field. Instead users are
forced to manually type in passwords which will promote the use of
shorter passwords (and thereby weaken security).
I’ve found this occurring on companies such as Apple, Vodafone and
Thankfully I’ve found a solution in the form of a bookmarklet. The
original idea came from the blog posting Re-enabling Password Pasting
on Annoying Web Forms by Derek Prior. Unfortunately his method simply
removes the onpaste attribute directly but this doesn’t work if the
web site is using an event handling framework such as jQuery. I’ve
taken Derek’s original code and modified it to work better with these
2.–> Try Chris’s bookmarklet available here, but only in Chrome, Opera, or Vivaldi when the page is NOT using JQuery:
3.–> Ask someone to write a comprehensive plugin for all browsers. To get started, here are his comments and source reference from Chris’s page:
To use the bookmarklet, drag the following link to your browser’s
Compatibility Note: The bookmarklet only works in Chrome and Safari
due to the difficulty of reading clipboard data in Firefox. It could
easily be extended to include IE although I don’t have access to a
Windows system to test this. There are other solutions to this problem
in the form of chrome extensions (e.g. Paste ITC Password & Allow
Paste into fields text although I’ve not tested them) and I would
assume similar addons are available for the other browsers. Personally
I like the simplicity of the bookmarklet. The code is hosted on
pastebin if you want to play with it:
(ED: And his source is also listed below this excerpt, on his linked page.)
Both now allow this functionality to be enabled on a per site basis, and although it doesn’t automatically fix the problem on the problematic petplanet site I mentioned, manually enabling it does now fix the problem on that site.
Please note some browsers silently remove the
For the specific website you’ve mentioned in your question use the following code
For me all the methods mentioned here did not work, finally I found the “Simple Allow Copy” Chrome extension which works.
Do not forget to limit the access only for the sites you are intending to use it for!!! Otherwise you are opening one more backdoor to your privacy.
Simple Allow Copy |
Allow this extension to read and change all your data on websites you visit:
On specific sites:
Then pin the icon to the extension icon area in the top right corner and click on its icon to activate it for the webpage.
This is a terrible security “feature” of these websites. There are various ways to get around it, including using that extension.
However there’s a quick way to fix it:
Right click on the offending input field, go to “inspect element”, go to the event listeners, and look for the “paste” event. Remove any paste listeners. Hit paste. Done. And do complain to the site owners, although obviously the most guilty sites are things like major banks, which will not listen to anything.