Tag: css

Don’t Trust Copy & Paste – even with JavaScript disabled

I’ve seen a few articles recently advising readers to not blindly copy/paste code from a website into your CLI directly because, with a small bit of JavaScript, you can overwrite the clipboard.

This is something that has been known about for a while and for some reason has seemingly resurfaced recently. The advice is to always paste into a text editor first to ensure what you think you have copied is actually what you have copied. However, I have seen comments about how you should disable JavaScript unless you need it in order to prevent this from occurring.

As awkward as this “disabling JavaScript” advice is on the modern web (and it does require some technical knowledge to enable just what you need) I agree, and in fact disable JavaScript by default. However, for this particular issue, this doesn’t matter. You can achieve essentially the same thing without any JavaScript.

The stuff below isn’t new. In fact, in the linked article is a link to a reddit thread where someone outlines this exact problem. But I feel that it can’t hurt to reiterate. And explore!

So, for the obligatory warning: Don’t paste anything on this page into a Powershell window. Don’t paste it into anything but a text editor. The examples below shouldn’t be harmful but… look, just don’t risk it, okay?

Oh, and disable JavaScript if you want.

Malicious String – copy and paste the below example into a text editor (NOT a Powershell window)

echo ‘hello,
copy c:\inetpub\www\config.php c:\inetpub\www\config.php.txt -whatif
echo ‘hello world!’

Let’s explore how we got here and what we can do about it.


Themes – Light and Dark

I’ve added a theme switcher that allows you to change between a light and dark theme.

Before adding this functionality, the default theme was dark. As you may now be able to tell the default is a light theme! I much prefer a darker theme myself but I know most people prefer a lighter one.

The toggle can be found in the very top left of the site, next to the menu across the top of the banner. This will eventually be updated with some CSS so it looks better but for now it appears to work, however it does need some more testing which I will do over the next few days.

If you configure dark mode, a cookie will be set to remember your choice. I don’t yet have the Privacy page finished (don’t tell the GDPR police!) but more details on this cookie will be found there once it’s done.

I can’t promise this feature works on every browser yet but I’ll iron out the kinks as I find them and make it more efficient to boot. If I do anything interesting I’ll document it in a future post.