• villainy@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    26 days ago

    Now give me a “Don’t Fuck With Back” extension.

    I’m guessing it’s all from the same ad network but I’ve noticed an uptick in the number of sites hijacking the back button to show more ads. Even the Associated Press site has been doing it and it drives me crazy.

  • madcaesar@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    26 days ago

    OMFG what asshole came up with the idea of blocking paste for fields? Whoever you are, get FUCKED

      • Omgboom@lemmy.zip
        link
        fedilink
        English
        arrow-up
        0
        ·
        27 days ago

        I’m talking about websites that won’t let you use autofill. Why do I have to type in my email address when I have it saved in my autofill

  • yetAnotherUser@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    27 days ago
    1. You can change that setting in your about:config by setting dom.event.clipboardevents.enabled to false.
    2. This sadly prevents pasting (T)OTPs for websites that choose to have 6 separate input fields. You have to enter these codes manually.
    • naeap@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      0
      ·
      27 days ago

      Do you know if this add-on does pretty much the same thing and with that will also have the regression regarding (T)OTP input fields?

      • henfredemars@infosec.pub
        link
        fedilink
        English
        arrow-up
        0
        ·
        27 days ago

        I have a partial answer. The add-on has different modes for different degrees of bypassing. I’m sure the complete bypass would break it, but not sure about intermediate options.

      • psivchaz@reddthat.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        27 days ago

        I can confirm that it has not appeared to affect the functionality of those sites for me. Although… There are some sites with multiple fields that don’t work and some that do, I’ve just assumed that the sites which don’t work were down to poor code.

    • Xylight@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      26 days ago

      why the hell do websites even have those 6 separate input fields? you can just have one and style it differently

    • ilinamorato@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      27 days ago

      Disabling clipboardevents entirely disables the clipboard API, meaning that single-click copy operations won’t work.

      Maybe you’re fine with that, but it’s worth noting.

  • LostXOR@fedia.io
    link
    fedilink
    arrow-up
    0
    ·
    27 days ago

    I ran into this just the other day, a site wouldn’t let me paste my password into the “confirm password” field when signing up. Had to resort to editing the HTML properties because there’s no way I’m manually typing in my long-ass randomly generated password.

    • cm0002@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      27 days ago

      Even with CTRL+V? 99% of the time when I encounter this they only block right click, but CTRL+V will work for…reasons

      • LostXOR@fedia.io
        link
        fedilink
        arrow-up
        0
        ·
        27 days ago

        Yep, even Ctrl+V didn’t work. I guess I shouldn’t be surprised considering it’s a government site (the signup for federal student aid).

      • herrvogel@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        26 days ago

        I’ve seen password managers fail to detect password fields because the frontend devs thought whatever stupid piece of React crap they vomited from their keyboards was better than using standard html fields for their intended purpose. It’s not very common, but it happens. Credit card fields are also a big mess for the same reason. Half the time bitwarden’s best guess at auto filling those results in some absolute soup that makes no sense.

        I’d also like to take this opportunity to send my warmest, most sincerest fuck yous to all the UX designers who think it’s a good idea to fuck with navigation. Don’t prevent me from opening shit in a new tab. Don’t just scroll the page up to the previous h1 when I try to go back. Who the hell do you think you are?

        • slazer2au@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          26 days ago

          Auto type doesn’t rely on password fields classification. Auto fill does

          In KeypassXC you click on the field where you want the password to be entered, then click into the password manager and do auto type.
          KeypassXC will then minimise and type the password for you.

          I do this a lot when replacing 20+ character passwords in remote desktop sessions.

          • BluesF@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            26 days ago

            You just gave me a hideous flashback to the bitlocker carnage a while ago, and having to type in what felt like an endless stream of characters that some poor sod in IT was reading me over the phone, probably for the 100th time that day.

        • undefined@lemmy.hogru.ch
          link
          fedilink
          English
          arrow-up
          0
          ·
          26 days ago

          I’m a developer that doesn’t fuck with the fields! ✨ I can’t stand JavaScript-based validation either, I use HTML attributes for basic pre-submit validation then do the actual validation on the backend.

          I can’t stand the fucked up forms either.

              • tomcatt360@lemmy.zip
                link
                fedilink
                English
                arrow-up
                0
                ·
                25 days ago

                Yeah, it wasn’t a good way to convey what I meant. I meant to say that I approve of what [email protected] is doing, but that I didn’t see (at the time) how what they were saying contributed to our discussion of our shared dislike of bad UX. At the time, it felt self aggrandizing. But I see that my pre-work self was off the mark. My apologies.

                • undefined@lemmy.hogru.ch
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  25 days ago

                  Honestly I was irritated at first, but I’ve been known to be a jerk anyway. It’s all good; honestly going back to my comment I was thinking to myself “well good for you” too.

      • LostXOR@fedia.io
        link
        fedilink
        arrow-up
        0
        ·
        26 days ago

        It does, but (as far as I know) not for putting a newly generated password into a signup field.

  • Maggoty@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    26 days ago

    Just not allowing the clipboard is a legitimate security measure though. A lot of apps can read that memory space, so it’s kind of a security black hole.l

  • Ech@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    26 days ago

    Can we get the same thing for when they hijack the back button to send you to some other promotional bs? I can’t stand that.

    • Final Remix@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      26 days ago

      Cengage? McGraw?

      Both have that problem in my classes so I went hard into the open access stuff for my students.

    • DrSteveBrule@mander.xyz
      link
      fedilink
      English
      arrow-up
      0
      ·
      26 days ago

      My textbook on Norton has all the text in <p> tags if you inspect the page. It’s annoying to have to go to such lengths to copy text, but it works.

  • DaGeek247@fedia.io
    link
    fedilink
    arrow-up
    0
    ·
    26 days ago

    It doesn’t work all the time from what I’ve found. There are still websites that bypass this and fuck with paste anyways.

  • cm0002@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    27 days ago

    There’s a special place in hell for whoever started that blocking paste shit, right next to the popup ad guy.

    Also, does anyone know of an Android Xposed/Magisk Module that does the same thing?

    • ayyy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      26 days ago

      California DMV requires a bank routing and account number instead of a credit card, but doesn’t allow you to copy and paste it from your bank website. You have to type out the 20+ digits and if you get any of them wrong a cop pulls you over and potentially murders you.