A clipboard facilitates the transfer of information between applications. For example, in one traditional scenario, a user can copy information from a first application to the clipboard, open up a second application, and then paste the contents of the clipboard into the second application.
At least one browser provides a clipboard for use in a wide area network environment, such as the Internet. This allows, for example, a user to copy information from an application to the clipboard, open a web page using the browser, and then paste the contents of the clipboard into an input field of the web page. A website may also independently read information from the clipboard or write information to the clipboard, or perform some other action that affects the clipboard.
Most websites use the clipboard for legitimate purposes. However, there is also a risk that a website may intentionally or unintentionally access the clipboard for purposes which are contrary to the interests of the end user. Consider two examples. In a first case, the user may have copied sensitive information into the clipboard. For example, the user may have copied a bank account number into the clipboard so that she may later paste this information into an input field of a banking-related website. However, in one scenario, the user may inadvertently be directed to a website that is masquerading as the legitimate banking-related website. That malicious website can extract the sensitive information from the clipboard and potentially use that information to access the user's banking account.
In a second case, a malicious website may add information to the clipboard that includes potentially harmful content. For example, the website may add information to the clipboard that includes code-bearing content or other executable or interpretable information. If the user pastes the code-bearing content into an application, the content can potentially cause the application to fail. The code-bearing content can also potentially cause more pervasive damage to the user's system.
In general, an Internet-accessible clipboard is a resource that is shared between a trusted environment and a potentially untrusted environment. The trusted environment may include one or more trusted applications, such as one or more applications that run locally on the user's client device. The untrusted environment may include one or more potentially untrusted websites or other network-accessible entities.
Phrased in these terms, it would be desirable to effectively control access to a clipboard (or other type of resource) that is shared between a trusted environment and an untrused environment.