Clipboard copy from browser considered harmful

looking up a tutorial or reference in your browser, copying some shell command to clipboard, and blindly trusting it by pasting it to your terminal window; a pretty common occurence today.

modifying it so that what gets copied to the clipboard does not correspond with what is visually represented on the screen is a simple task thanks to the ::before and content css modifiers.

currently been tested on ;

consider the following code

span {
    font-family: monospace;
    position: absolute;
    color: white;
    cursor: text;
span::selection {
    background: #accef7;
    color: #accef7;
span::before {
    content: "clip";
    position: absolute;
    color: black;

with a live test below


if you're using a «vulnerable» browser, copying the text above saying clip, should copy fuck to your clipboard.

safe pasting

a neat way to handle safe pasting would be to run the command fc -e 'vim -c %d' before every paste.

fc is a tool (usually a shell builtin) to place a previous (usually the last) ran command into a temporary file, edit it with $FCEDIT, and then execute the contents of the modified file via the shell.

by passing vim -c %d as the -e flag of fc, we're telling vim to %d (delete all lines) on startup.

this way we'll have a clean file to which we can paste our clipboard contents.

alias prepaste='builtin fc -e "vim -c %d -c \"set paste\""'
tl;dr verify the data before you paste anything you've yanked from your browser.