IE6 Clipboard Copy Paste No Prompts

Using an IFRAME as a WebBrowser Control, it’s possible to call ExecWB(IDM_COPY, OLECMDEXECOPT_DONTPROMPTUSER) and ExecWB(IDM_PASTE, OLECMDEXECOPT_DONTPROMPTUSER) to copy and paste clipboard contents without showing any permission dialog. The DONTPROMPTUSER flag is respected because the call comes through the WebBrowser Control’s command dispatch, not through the DOM clipboard API.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>IE6_ClipboardCopyPasteNoPrompts</title></head>
<body>
<center>
<font face="Tahoma" SIZE="2">
<h2>IE6_ClipboardCopyPasteNoPrompts<br />(using an IFRAME as a WebBrowser Control)</h2>

ExecWB(IDM_COPY , OLECMDEXECOPT_DONTPROMPTUSER);<br />
ExecWB(IDM_PASTE , OLECMDEXECOPT_DONTPROMPTUSER);<br />
</font>
<iframe src="iframe.html" width="400" height="380"></iframe>
</center>
</body>
</html>

The clipboard copy/paste prompt in IE6 is tied to document.execCommand("copy"/"paste") calls. When the same operation is issued via the WebBrowser Control’s ExecWB method with the DONTPROMPTUSER flag, the clipboard security check is bypassed. This entry relies on a secondary iframe.html file that contains the full working demonstration code.

Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.

Read other posts

< [IFrame As WebBrowser - Close, Crash, Search] :: [IE7 UXSS - Read Local Files and URLs Through Feeds] >