Re: Untrusted applet/copy conundrum
Andrew Thompson wrote:
Can an untrusted applet provide 'Ctrl C' copy ability
for text fields?
I thought not, but my results are confusing, at best.
I was under the impression that AWT TextFields could (by nature of their
native nature) and Swing JTextFields could not. As you have found out
this is not the case.
At some point it has been hacked around. What happens is this:
When you the Toolkit generates an event that may represent a copy &
paste action (^X, ^C, ^V, shift-insert, control-insert, middle button,
or whatever) that even is marked as a C&P event in a hidden field. You
cannot create an event like this, and I believe it gets clobbered after
returning from the dispatch. So you can't create or usefully collect one
of these events and the post it to the event queue.
The C&P event handling code checks that there is no user code on the
stack (a highly dubious check, IMO). It checks and clears the hidden
field. If everything is okay, it goes ahead with the action. This stops
you rerouting the event.
What isn't checked is that the text field is actually displaying
anything like a text field. If you were determined, you could make
middle button clicks common in your user interface for non-C&P actions,
or appear to be using C&P internally but actually sneaking a peak at the
system clipboard while faking.
Tom Hawtin