Clipboard hijack
Intercept copy events inside the iframe and overwrite the user's clipboard with different content.
Behavior by sandbox policy
| Policy | Expected result |
|---|---|
| No sandbox | works |
| `sandbox="allow-scripts"` | works |
| `sandbox=""` (strictest) | blocked |
Embed snippet
This snippet uses the dedicated embed page. Paste it into your own service and check rendering or blocking behavior.
<iframe src="https://xss-playground.com/embed/clipboard-hijack?lang=en" title="XSS Playground - Clipboard hijack" width="600" height="420" loading="lazy" referrerpolicy="strict-origin-when-cross-origin"></iframe>
Run
Select and copy this line (Cmd/Ctrl+C). The clipboard ends up with something different.
Explanation
- The `copy` event can be intercepted inside the iframe's own origin. The user thinks they copied something from the parent page but the clipboard ends up with attacker content.
- Real attack value: swap a wallet address for a similar-looking one, or replace a shell command with a destructive variant.
- `navigator.clipboard.writeText` requires a user gesture, focus, and permissions, so automatic calls are usually blocked.
- With `sandbox=""` (empty), JS is blocked entirely, so this attack stops too.
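For reviewing embeds on your own service, the policy table can be turned into a check. The following is an added example, not XSS Playground's code: it scans embed markup for `<iframe>` tags and reports whether script in the frame can run. It generalizes the three rows of the table to any sandbox token list (scripts run only when the attribute is absent or includes `allow-scripts`). The function names and the `widgets.example` URLs are assumptions made for illustration.

```javascript
// Added example: classify <iframe> embeds by whether script inside the frame
// (and so a copy-event handler) can run, per the sandbox policy table above.
// Regex scanning suits pasted embed snippets and assumes no ">" inside
// attribute values; on a live page, read iframe.sandbox from the DOM instead.
function parseAttributes(tag) {
  const attrs = new Map();
  const body = tag.replace(/^<iframe\b/i, "").replace(/\/?>$/, "");
  // name, optionally followed by = and a double-quoted, single-quoted or bare value
  const re = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  for (const m of body.matchAll(re)) {
    const name = m[1].toLowerCase();
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

function classifySandbox(sandboxValue) {
  // null means the attribute is absent: no sandbox, scripts run.
  if (sandboxValue === null) return { scripts: true, result: "works" };
  // Tokens are ASCII-whitespace separated and matched case-insensitively.
  const tokens = sandboxValue.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean);
  const scripts = tokens.includes("allow-scripts");
  return { scripts, result: scripts ? "works" : "blocked" };
}

function auditEmbeds(html) {
  const findings = [];
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attrs = parseAttributes(m[0]);
    const sandbox = attrs.has("sandbox") ? attrs.get("sandbox") : null;
    findings.push({ src: attrs.get("src") ?? "", sandbox, ...classifySandbox(sandbox) });
  }
  return findings;
}

// Constructed sample markup; the widgets.example URLs are placeholders.
const sampleHtml = `
  <iframe src="https://widgets.example/a"></iframe>
  <iframe src="https://widgets.example/b" sandbox="allow-scripts"></iframe>
  <iframe src="https://widgets.example/c" sandbox=""></iframe>
  <iframe src="https://widgets.example/d" sandbox></iframe>
  <iframe src="https://widgets.example/e" SANDBOX="allow-forms  Allow-Scripts"></iframe>
  <iframe src="https://widgets.example/f" sandbox="allow-forms allow-popups"></iframe>`;
const sampleFindings = auditEmbeds(sampleHtml);
for (const f of sampleFindings) {
  console.log(`${f.result.padEnd(7)} sandbox=${JSON.stringify(f.sandbox)} ${f.src}`);
}
```

A bare `sandbox` attribute with no value is treated the same as `sandbox=""`, and tokens other than `allow-scripts` do not change the result.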