Hmm. I'll take a look at this, I thought we only accepted text/plain data for clipboard sharing (and maybe text/htmlas well), and would reject anything else... But I could be misremembering.

To be honest I'm not sure how many Linux applications correctly set the clipboard data MIME type, but I agree we should do what we can to prevent passwords being shared unintentionally.

Thanks for taking the time.
If I'm correct, these are the MIME types accepted by GSConnect:

const TEXT_MIMETYPES = [
    'text/plain;charset=utf-8',
    'UTF8_STRING',
    'text/plain',
    'STRING',
];

And these are the MIME types of passwords returned by the GNOME evaluator when running St.Clipboard.get_default().get_mimetypes(Meta.SelectionType.SELECTION_CLIPBOARD):

0: text/plain;charset=utf-8
1: x-kde-passwordManagerHint
2: text/plain

For now, maybe a simple validation to check that x-kde-passwordManagerHint is not present in the MIME types should be enough, while an option in the config to control password sharing is being considered.

@cesar19004

Mmm, it looks like currently we special-case ignore any clipboard with text/uri-list in its mimetypes...

I don't see why we couldn't extend that to also exclude x-kde-passwordManagerHint... although it maybe seems a bit odd to see x-kde-passwordManagerHint clipboard contents in a GNOME Shell session? (Still no harm in doing it, tho.)

My one slight worry with this is whether there might be users who rely on copy-pasting passwords to their mobile device, who we might be breaking things for if we disable this across-the-board.

Agreed, using x-kde-passwordManagerHint in GNOME Shell seems odd. Also, it doesn't seem to be widely adopted at the moment and passwords copied from some password managers could still be shared. However, in the meantime, it shouldn’t cause harm to validate it while we wait for a more standard or better alternative.

Perhaps, to avoid breaking the copy-pasting of passwords for users who use it, it could be added as an experimental option disabled by default

I would think having a trusted password manager in one device and copy pasting passwords over gsconnect to another is a valid, perhaps even quite normal use case. So I wouldn't make it the default to exclude those. Saves on having to figure out syncing a keepass database for example and dealing with sync conflicts.

I think it would be weird for us to set an x-kde mimetype, but aren't we just talking about handling that when set by others? KeepassXC is definitely used in gnome desktops.

Hi @daniellandau,
Yes, by setting that option to be disabled by default, I meant that it would only prevent sending passwords when the option is enabled.

I think it would be weird for us to set an x-kde mimetype, but aren't we just talking about handling that when set by others? KeepassXC is definitely used in gnome desktops.

Yeah, I see no reason to set that MIME type, only to read it. KeepassXC is quite popular, so I agree that it's definitely used by GNOME users.