Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable persisting clipboard history by default #194

Open
lostfictions opened this issue Feb 17, 2021 · 0 comments
Open

Disable persisting clipboard history by default #194

lostfictions opened this issue Feb 17, 2021 · 0 comments
Assignees

Comments

@lostfictions
Copy link

lostfictions commented Feb 17, 2021

Hi there, thanks for this extension!

I noticed that the documentation is a bit misleading about under what circumstances the clipboard is persisted to disk; it says that you can set a path for the persistence file manually, or set false to disable it, and that the default is null. To me, with JS falsiness rules, I took that to mean that persistence was disabled by default. Imagine my surprise to discover my clipboard history was kept around!

To me, this is a major issue and security risk -- I'm often copying values into and out of .env files including keys and passwords, and my expectation is that they're not going to be saved to disk somewhere else without my explicit decision to do so. What's worse, if I disable onlyWindowFocused -- which is often a useful thing to do -- the extension will happily save unrelated passwords copied from my password manager to disk too.

I think I'm one of the more attentive people in this regard in that I looked over the documentation -- I'm certain lots of folks have also installed this extension without realizing their clipboard was getting saved to disk by default without their opting in to it. I feel pretty strongly that this feature should be disabled by default. If not, I think it should be made very clear to the user that this is happening, especially if they disable onlyWindowFocused, and the documentation should be amended to clarify that null will save to VSCode's User directory or the OS's tmpdir.

@edgardmessias edgardmessias self-assigned this Mar 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants