Pasteboard type #2633
Comments
|
How do I view what the clipboard value's pasteboard type is? I installed Flycut but i don't see anything that tells what the pastebaord type of each thing I copied is. |
|
Flycut can be configured to exclude given pasteboard types. The default value it excludes is: |
|
Unfortunately I am not seeing an API in electron for defining the Pasteboard Type during clipboard write functions. https://electronjs.org/docs/api/clipboard#clipboardwritetexttext-type There is a "type" parameter, but that doesn't seem related to the Pasteboard type, since all still seem to written as NSStringPboardType. |
|
They are marked as experimental APIs, but this should work, where |
|
Thanks @goncalossilva . We'll keep an eye on this API. |
|
Have there been any updates about this by any chance? |
One option is: https://github.com/sindresorhus/Pasteboard-Viewer I found that info here: p0deje/Maccy#125 I would love to be able to exclude BitWarden from Maccy. Hope this gets resolved someday. Thanks |
|
Bitwarden only returns |
|
Yes, it would. That's why it would be best for BitWarden to use a particular pasteboard type that's not plain text. Either something like org.nspasteboard.ConcealedType or its own unique identifier. I don't know much about all of that, but there seems to be a list of some types here: http://nspasteboard.org/ |
|
Any updates on this? I'm also using Macccy and would love to exclude Bitwarden |
|
No updates as far as I know. |
|
Hi @kspearrin, apologies for the ping, but is there any update about the |
|
I still have my fingers crossed this will show up someday. |
|
Any updates? Would love to keep using Bitwarden and have proper integration with various clipboard managers 🙏 |
|
Any updates? |
|
This has been triaged and is in our backlog, but does not have any specific deadline for a fix. |
|
Maybe @kspearrin, @eliykat this can be implemented in some: experimental feature in BW itself... so users need to enable that explicitly. That will help mac users that use Maccy (still do not undestand Apple do not implementet this directly) and if everythink goes wrong, you can just unckeck one option. |
|
Has there been any new developments concerning this issue? |
|
+1. Shouldn't this be put in priority? It seems a concerning security risk for anyone using the extension and a clipboard manager 😮 |
|
for what it's worth - a workaround for Alfred users, you can set up alfred to ignore clipboard entries from certain apps - for example bitwarden :) This almost forced me to go back to 1password, luckily i found this workaround :)
note that if you copy something from browser extension, it is still stored in alfred :( |
|
Sure, for the desktop app it’s not a problem. Any good clipboard manager
should allow you to specify apps that it doesn’t copy. (Also any good
clipboard manager will automatically ignore a concealed type.)
The problem is with the browser extension because 99% of the things I copy
in my browser are things I want to be in the history. To make things even
messier, I actually like that my TOTP codes show up in my manager because I
have mine (Maccy) configured to show last copied item in the menu bar, so I
never have to wonder what’s on the clipboard, and I instantly know whether
a login has TOTP stored in Bitwarden, or if I need to go look for it
somewhere else, just by glancing at the menu bar.
So I’m still hoping this will come eventually. The most elegant solution
would be for Bitwarden to mark its copies as concealed, or its own unique
type. But thanks for posting a workaround, it’s nice to keep some energy in
this thread.
|
|
BTW this also affects credit card numbers, which to me is even worse than passwords altho of course passwords are bad enough. I wonder how/if other password managers address this in the browser extension. |
|
One more idea - until a proper fix can be made, i would be satisfied with option to disable copy-from-webextension. This would force me to use app and that I can put into ignore list. This would solve the worry i have of accidentaly copying sensitive info into clipboard from the web extension without realising it. |
|
any updates? this can be a serious vulnerability. |
Same issue here. |
|
This has been an issue for 5 years now. Could one of the Bitwarden maintainers please explain why this issue is not considered a priority? |
Second this! |
|
Hi everyone, apologies for leaving this hanging for a while. I must admit this almost got lost in the midst of other high priority work. We are discussing internally the path forward, and I will be sure to share with the community any findings. Thank you for your patience as we look into this! |
|
@dbosompem any update on this? We'd really appreciate it, as it will enhance the user experience and security for those who use a clipboard manager. Thank you! |
Any findings? |
|
@dbosompem How on earth is this obvious security risk not fixed already? |
@dbosompem This was many months ago. Please, share your findings and the path forward. |
|
@Hinton can we expect an update soon? |
|
Hoping there would be an update soon, I’ve been using Maccy, which ignores the Bitwarden app but not the browser extension. The extension is much more convenient. |
|
bump |
|
@dbosompem This feature was requested 6 years ago and well received by anyone here. |
|
+1 |
|
+1, coming from developer background, I can see why it's being delayed. Lets have some patience and wait for experimental browser API to become stable first. Then we can expect it to be implemented into Bitwarden. |
|
If it's true that the app does this correctly, one possible work-around would be heavy-handed, but might be worth it: have the extension ask the Bitwarden app to do the actual copying to the clipboard. This would of course only work if the app is running. The extension and the app can already communicate for the biometric verification, though of course there are many technical details I would be unaware of that could potentially make my suggestion difficult or impossible to implement. Update: No, the Bitwarden app does not set the pasteboard type on MacOS either, it's not just the extension. (Or rather, it's set to However, regardless of the pasteboard type, a clipboard manager like Maccy can be told to ignore copies coming from the Bitwarden app, and perhaps could change the default config to do it by default, so having the copy come from the app would still be helpful. |
Patience... if 6 years isn't patience, I dunno what is. |
|
Bump. Just downloaded a clipboard manager, maccy, and realizing this is really unsafe to use with the chrome extension which i use daily. |
|
It is insane that this has not been fixed after all this time |
Hello, is there any update regarding this? |
|
I moved to a MacOS/iOS app that works with KeepassX databases because of this issue specifically. |
I, personally, prefer Bitwarden, given that it's been great until now. I even decided to purchase Premium to support them (even though I don't need any of the Premium features). But using Maccy app on macOS alerted me to this bug and seeing that it's open since 2018, I don't have too much hope that it will be fixed. But I'm open to considering other alternatives with multi-system integration (Windows, macOS, Linux and iOS), given that's necessary for me. So please, feel free to recommend them! |
|
Neither keepass nor 1password have this problem. |
@mvevitsis could you explain this further? Does 1Password browser extension copy from the desktop app? |
|
They both have their own pasteboard type. Bitwarden doesn't. |
I'm using Strongbox (iOS/MacOS) and I've been very happy with it for the past few months. It uses the open source KeepassX database format, easily imports Bitwarden and other formats, and you can get clients for KeepassX which are compatible with Windows and Linux |
|
Hi everyone, The original issue for MacOS Pasteboard types is resolved in #11025. Please note this is only for MacOS in the desktop client. For linux the team is tracking an upstream issue but the ecosystem is more fragmented with multiple standards. For browser related issues please use one of the existing issues, but note we are limited by the available capabilities on the platform and browsers do not currently offer any APIs for excluding clipboard items from history This should be available in an upcoming release in about a months time. Please note it will not be part of this month's release. |
|
@Hinton i don't follow if this will be addressed in the Bitwarden extension as well as that seems to not have a workaround with clipboard managers. With Alfred for instance you can ignore Bitwarden desktop and that clears it at least. |
and others
I'd like to exclude Bitwarden from clipboard menu application like (Flycut). To do that I need to now what pasteboard type is used. According to this issue: #326 it looks like this should be possible with the desktop version, is it?
The text was updated successfully, but these errors were encountered: