Post History

What are the security or privacy implications of browser clipboard events?

For context, I use Firefox to browse the Web. Some time ago, I followed some security- and privacy-oriented advice for configuring Firefox, which recommended (among many other things) disabling the `dom.event.clipboardevents.enabled` setting.

My understanding is that this prevents the browser from generating events when content is cut, copied or pasted from/to a text field on the page. I further understand that JavaScript on the page can respond to these events, but for security reasons, the browser does not otherwise allow JavaScript code to access the clipboard. But existing information I can find on this topic all seems to be at least a decade old.

In practical terms, it seems that disabling the setting prevents some web pages from blocking attempts to copy page text, or from modifying the text that is put on the clipboard e.g. to include ad links back to the site. However, it also seems to prevent or interfere with pasting text into certain web apps, including Twitch and Discord.

I'm trying to decide how to approach this setting. **Do clipboard events entail any kind of security or privacy risk**, generally speaking, in modern environments? For example, if I paste into an app on one browser tab, could that information leak to other tabs? If not, I think I will find it more practical to leave events enabled by default, and only temporarily disable them when they cause a problem.