DEV Community

Discussion on: How to prevent pasting into input fields

Collapse
 
devhead profile image
dev-head

Nice write up on how to! thanks.

As to the why/why-not, let me take a moment and opine on that...

Please, please just don't do this at all, blocking the UX of a browser because you, or more likely your project manager, wants to be clever and pander the the lowest demonimator doesn't mean you need to. all it does is get in the way of what you want the user to do, and that's give you information. I shouldn't need to confirm my email, any more than i should have to confirm my middle name twice.

Collapse
 
bitdweller profile image
Pedro Pimenta

In addition, I use a password manager to store my credentials and I usually copy most of the data, so it actually makes it more prone to errors in this case. There's no way I'm going to make a mistake if I copy it. Same goes for Credit Card number or account number, so many of them you can't paste into...

Collapse
 
philnash profile image
Phil Nash

I also agree with this, most notably around password managers. If a user is trying to practice good password behaviours but it thwarted by a lack of pasting into a field, then it is likely to get them to choose to use an easier to remember password (probably something they've used before) and makes their account vulnerable to take over.

As developers it is our jobs to help our users be secure, not make it harder for them.

Collapse
 
aurelio profile image
Aurelio

Came here to say just that.
If you use a password manager, chances are you don't even know your passwords, so how are you supposed to type them twice? For many websites I am subscribed to I literally never typed my password once, not even in the moment of choosing it.

This is true for most sensitive data, the best option is to have it pre-filled for you via an extension or at least copy paste from another app.

To give a real world example of why disallowing copy paste is inconvenient for the user, just imagine you are on mobile and trying to fill in a form that prevents pasting. You'd have to either split the screen (browser and password manager app) which is always fiddly, or just flip back and forth and copy a password that is probably (and hopefully) not very readable, or manually write it down on a piece of paper and then input it in the form...

How many people would willingly go through this?

Collapse
 
mordechairoth profile image
mordechairoth

I think it may depend on why the email address is needed. For example on the Chase bank website, when you are trying to send money to another person using their email address, they make you confirm the email address by typing it in twice, and you cannot paste it.
This prevents you from accidentally sending money to the wrong person, and I think this is a reasonable safety measure to take in that situation.

Collapse
 
_bigblind profile image
Frederik πŸ‘¨β€πŸ’»βž‘οΈπŸŒ Creemers

Amen!