password field with content that can be copied by end users

Scriptcase 8 Discussion
#1

Apparently browsers disable copy on <input type=password>.

In a form, how can I have a field (content retrieved from db) that is “obfuscated” (e.g. shown as “*********”) but that the user can select it and copy its real content (the data from the db) to the clipboard?

#2

Afaik you cannot. That’s simply because the field is declared as password, and all browsers are designed that way.

#3

This is only possible with a seperate program that catches the passwords, like iepassview and similar.

#4

Maybe I was not clear.

I tried to use a password field only because its content is obfuscated by default.

The content of the field I need to obfuscate is irrelevant: the data is from a database table and its content is populated by the app end user via an SC form.

I’d like to have two options for a sensitive information field:
[LIST=1]

  • - field content visible <- user can select it and copy it in the clipboard or write it down on paper
  • - field content "obfuscated" (*****) <- user can select it and copy the real content (not the obfuscated version) in the clipboard [/LIST]

    Option 2 is to be used in case users want to be sure no one near their computer can see the field content when they copy it (as it could happen with Option 1).

    • #5

    Provide a a button / link near that obfuscated field labelled “copy to clipboard”, and code it to pull the relevant table data and write that to the clipboard? Will probably need a javascript utility like zeroclipboard to do the last clipboard bit…

    #6

    Tnks adz,

    googling around I had found some info about zeroclipboard, but it relies on Adobe Flash so I didn’t want to go that route (no mobile support, right? and isn’t Flash going to die soon anyway?).

    If there’ no other way, I’ll try the HTML5 clipboard api.

    #7

    http://www.ghacks.net/2007/11/21/reveal-your-saved-passwords-in-firefox/

    #8

    @rr
    thanks but this is not about broswers\passwords at all.
    The data to be obfuscated is stored in a db (mysql or postgresql) table field and the interface to enter\read\change it will be my ScriptCase application only.

    #9

    If it is an encrypted string from the database that shows in a field then you are out of luck, unless you know (and can reverse) the algorithm to reverse the stored encrypted password. If it is md5 or sha-1 or so then you are out of luck.

    #10

    @rr: I know the (reversible) algorithm since I’m writing the application and creating the db from scratch.

    #11

    So you want a field with an encrypted text on the webpage and have the user copy/paste it unencrypted? Then the only things you can do is add the javascript decrypting routine on a javascript event. Since someone enters the field for a copy he’d have to select it.
    Anyway you can find more detailed info here:
    http://www.w3schools.com/jsref/dom_obj_event.asp
    http://www.w3schools.com/jsref/event_oncopy.asp

    And specially this one:
    https://brooknovak.wordpress.com/2009/07/28/accessing-the-system-clipboard-with-javascript/

    Another totally awesome link:
    http://jsfiddle.net/AGEf7/
    and also:
    http://stackoverflow.com/questions/17527870/how-does-trello-access-the-users-clipboard

    http://stackoverflow.com/questions/400212/how-do-i-copy-to-the-clipboard-in-javascript

    Anyway enough links to help you on…