You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that the documentation is a bit misleading about under what circumstances the clipboard is persisted to disk; it says that you can set a path for the persistence file manually, or set false to disable it, and that the default is null. To me, with JS falsiness rules, I took that to mean that persistence was disabled by default. Imagine my surprise to discover my clipboard history was kept around!
To me, this is a major issue and security risk -- I'm often copying values into and out of .env files including keys and passwords, and my expectation is that they're not going to be saved to disk somewhere else without my explicit decision to do so. What's worse, if I disable onlyWindowFocused -- which is often a useful thing to do -- the extension will happily save unrelated passwords copied from my password manager to disk too.
I think I'm one of the more attentive people in this regard in that I looked over the documentation -- I'm certain lots of folks have also installed this extension without realizing their clipboard was getting saved to disk by default without their opting in to it. I feel pretty strongly that this feature should be disabled by default. If not, I think it should be made very clear to the user that this is happening, especially if they disable onlyWindowFocused, and the documentation should be amended to clarify that null will save to VSCode's User directory or the OS's tmpdir.
The text was updated successfully, but these errors were encountered:
Hi there, thanks for this extension!
I noticed that the documentation is a bit misleading about under what circumstances the clipboard is persisted to disk; it says that you can set a path for the persistence file manually, or set
false
to disable it, and that the default isnull
. To me, with JS falsiness rules, I took that to mean that persistence was disabled by default. Imagine my surprise to discover my clipboard history was kept around!To me, this is a major issue and security risk -- I'm often copying values into and out of
.env
files including keys and passwords, and my expectation is that they're not going to be saved to disk somewhere else without my explicit decision to do so. What's worse, if I disableonlyWindowFocused
-- which is often a useful thing to do -- the extension will happily save unrelated passwords copied from my password manager to disk too.I think I'm one of the more attentive people in this regard in that I looked over the documentation -- I'm certain lots of folks have also installed this extension without realizing their clipboard was getting saved to disk by default without their opting in to it. I feel pretty strongly that this feature should be disabled by default. If not, I think it should be made very clear to the user that this is happening, especially if they disable
onlyWindowFocused
, and the documentation should be amended to clarify thatnull
will save to VSCode'sUser
directory or the OS'stmpdir
.The text was updated successfully, but these errors were encountered: