• Robert Hoffmann's avatar
    Klipper: Do not insert secret data into history · 637cd0bf
    Robert Hoffmann authored and David Edmundson's avatar David Edmundson committed
    Password manager tools like Keepassx offer an option to clear
    the clipboard/selection after some time, e.g. 10 seconds,
    after the password was copied to the clipboard. This works fine,
    but unfortunately the password isn't removed from Klipper's
    history. This is a great security risk, which may make the use
    of password managers impossible.
    This patch changes Klipper::applyClipChanges(const QMimeData* clipData)
    where clipboard data is inserted into history. If the data has an
    additional mime type 'x-kde-passwordManagerHint' with the data 'secret',
    it is not inserted into history.
    For this to work as designed, password managers should add the
    additional mime type 'x-kde-passwordManagerHint' to the mimeData
    like following when copying a password to the clipboard:
    QMimeData* mimeDataClipboard = new QMimeData();
    const QString secretStr = "secret";
    QByteArray secretBa = secretStr.toUtf8();
    mimeDataClipboard->setText(password);  // this is the password to copy
    mimeDataClipboard->setData("x-kde-passwordManagerHint", secretBa);
    clipboard->setMimeData(mimeDataClipboard, QClipboard::Clipboard);
    if (clipboard->supportsSelection()) {
        // we cannot use the same QMimeData, it's already owned by clipboard
        QMimeData* mimeDataSelection = new QMimeData();
        mimeDataSelection->setText(password); // this is the password to
        mimeDataSelection->setData("x-kde-passwordManagerHint", secretBa);
        clipboard->setMimeData(mimeDataSelection, QClipboard::Selection);
    Reviewers: davidedmundson
    Reviewed By: davidedmundson
    Subscribers: dvratil, broulik, graesslin, davidedmundson, plasma-devel
    Tags: #plasma
    Differential Revision: https://phabricator.kde.org/D12539