• glassware@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    And never run commands copied from a web page, even if you do know them.

    JavaScript’s copy/paste API means a website owner or an attacker can change the contents of your clipboard after you press copy, and you’ll end up pasting malicious commands into your shell. I think Firefox blocks this now, don’t know about Chrome.