How to Protect the Contents of Your Windows Clipboard

ID: Q224993

The information in this article applies to:

SUMMARY

Internet Explorer 5 includes customizable security settings to prevent malicious Web site administrators that script the Microsoft Dynamic Hypertext Markup Language (DHTML) Editing Component from obtaining access to your Windows clipboard data. This protection is enabled by default for the Restricted sites security zone, but it is turned off by default for the Internet, Local intranet, and Trusted sites zones to permit you to use clipboard-related functionality.


MORE INFORMATION

To prevent Web sites in the Internet, Local intranet, or Trusted sites zones from obtaining access to your Windows clipboard data, use the appropriate method:

Internet Explorer 5

To prevent web sites in the Internet, Local intranet, or Trusted sites zones from obtaining access to your Windows clipboard data by scripting the DHTML Editing Component with Internet Explorer 5, change the appropriate zone security level to High or use a Custom level:

  1. Click Start, point to Settings, click Control Panel, and then double-click Internet.


  2. Click the Security tab.


  3. Under Select a Web content zone to specify its security settings, click the zone where you want to prevent web sites from accessing your clipboard.


  4. Click Custom Level.


  5. Under Allow paste operations via script, click Disable or Prompt.


  6. Click OK.




NOTE: If you enable the "Allow paste operations via script" feature, Internet Explorer 5 displays the following security alert whenever a Web site attempts to obtain access to your Windows clipboard using the DHTML Editing Component:
Internet Explorer
Do you want to allow this page to paste information from your clipboard?
Administrators can also adjust the default setting for this feature by using the Internet Explorer Administration Kit (IEAK) before distributing Internet Explorer 5.

The Microsoft DHTML Editing Component is included with Internet Explorer 5 and is available as a downloadable ActiveX control that can be installed with Internet Explorer 4.x. Web authors and program developers can use it to add HTML editing capabilities to their Web sites and programs. The editing component uses Microsoft's Component Object Model (COM) technology to make editing services such as basic HTML formatting, tables, undo or redo, find, and absolute positioning readily available.


NOTE: If you have already installed the DHTML Editing Component for Internet Explorer 4.x or Windows 98, you can prevent Web sites from viewing your clipboard data by selecting Prompt or Disable for "Script ActiveX controls marked safe for scripting" in the security settings for the appropriate zone. However, if you disable this feature, Internet or intranet sites that use ActiveX controls may not work as expected.

Internet Explorer 4.x

To prevent Web sites in the Internet, Local intranet, or Trusted sites zones from obtaining access to your Windows clipboard data by scripting the DHTML Editing Component with Internet Explorer 4.x, change the appropriate zone security level to High or use a Custom level:

  1. Click Start, point to Settings, double-click Control Panel, and then double-click Internet Options.


  2. Click the Security tab.


  3. Under Select a Web content zone to specify its security settings, click the zone where you want to prevent web sites from accessing your clipboard.


  4. Click Custom and then click Settings.


  5. Click Prompt or Disable for "Script ActiveX controls marked safe for scripting" and click OK.



REFERENCES

For more information about the DHTML Editing component, please visit the following Microsoft Web site:

http://msdn.microsoft.com/workshop/author/dhtml/edit/default.asp

Additional query words: 2.0 2.00 4.00 5.0 5.00 


Keywords          : msiew95 msient win98 msiew98 win98se 
Version           : WINDOWS:4.0,4.01,4.01 Service Pack 1,4.01 Service Pack 2,5
Platform          : WINDOWS 
Issue type        : kbhowto

Last Reviewed: June 8, 1999