Paste Passwords into blocked form fields on the Internet

Martin Brinkmann
Jul 26, 2014
Updated • Jul 29, 2014
Internet
|
29

Most Internet services don't prevent you from pasting information into password fields or other form fields on websites.

Some on the other hand restrict pasting to select fields or none at all, which means that you need to fill out those fields manually as you cannot use copy and paste to do so.

That's at least how it looks like on first glance. One example that I encountered just recently. I added a couple of items to a cart on this site and was asked to create an account to complete the purchase.

Both the repeat email address field and confirm password field are locked on the site blocking you from pasting text into them.

I use KeePass to generate unique passwords for websites and paste the information into the forms. Since I was not able to do so for one field, and had no desire to type a 30+ character password into the confirm password field, I had to find a way to bypass the restriction.

Bypass the restriction

paste in blocked form fields
Using the Inspector to select the page element.

I'm using Firefox as my main browser which is why I demonstrate how it is done using it. All other "mainstream" browsers, Chrome, Opera and Internet Explorer, support Developer Tools as well, and you can usually launch them by hitting F12 while the page is open that you want to modify.

  1. Make sure the page with the form is the active tab in the browser.
  2. Hit F12 to start the Developer Tools.  They are displayed in a frame at the bottom of the browser window in Firefox.
  3. Select the inspector icon (the left icon next to Inspector in the toolbar), and click on the Confirm Password field (or any other field that blocks pasting).
  4. Locate oncopy="return false" and double-click on it.
  5. Change false to true, and et voila, you can paste into the second field as well.
  6. Alternatively, delete the whole property and hit return in the end.

Note: The effect remains until you reload the website, meaning it is not permanent but only temporary. This does not appear to work in Chrome right now, check out the alternatives below.

Alternatives

If you don't like digging in code to resolve the issue, or if a site uses a different method to prevent you from pasting into select fields, then you may be interested in alternatives to the manual solution posted above.

Browser extensions make things more comfortable. Firefox users and users who run forks of the browser may install Disable clipboard manipulations which enables pasting among other things.

Users who run a Chromium-based browser can download and install Don't fuck with paste instead.

Summary
Paste Passwords into blocked form fields on the Internet
Article Name
Paste Passwords into blocked form fields on the Internet
Description
Some websites block you from pasting contents into form fields. This guide explains how you can bypass that restriction.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Peter oh said on October 17, 2017 at 5:15 am
    Reply

    The disabling of copy/paste for passwords is insane & no “security argument” will suffice to justify.
    I am sure i am not alone, certainly like you I either invent long passwords or have LastPass create them.
    Then of course I fail to type correctly about half the time or simply give up with all the messing about required.
    I use Opera & Chrome, looksw like Opera will gain in use now.
    Thanks for a great tip.

  2. Jason said on October 2, 2017 at 9:08 am
    Reply

    Dude
    You absolute LEGEND!
    I had the EXACT issue as described, been using Keepass for years and the stupid Visa Checkout website does not allow you to paste a new password after you have resetted it.
    Installed “Dont fuck with paste” on chrome, gave it a 5 star rating and BOOM! worked!

    1. Lucent said on December 6, 2018 at 5:49 am
      Reply

      Same here. Send Visa Checkout a letter about it. It’s monumentally stupid. I’m not going to type all that in like some grandma. I hope my Visa Checkout does get hacked and they lose money making me whole.

  3. Kevin said on February 15, 2016 at 10:37 am
    Reply

    This is built into FireFox (now?)

    in about:config

    dom.event.clipboardevents.enabled – set to false :)

  4. Ravi kumar said on June 11, 2015 at 9:15 am
    Reply

    Martin…
    Thanx a lot dear
    I have no words to how say thanx to you bro
    You did very well job
    Thanx again

  5. Kyle McKenna said on November 2, 2014 at 3:02 pm
    Reply

    Great stuff Martin. Thanks a lot. Wish I’d thought to look this up a year ago! But more and more websites are prohibiting pasting of credit card numbers, addresses, etc etc. Incredibly tedious, and even worse for the dyslexic.

  6. rickxs said on July 29, 2014 at 12:58 am
    Reply

    nice tip martin , thanks for this

  7. martin said on July 28, 2014 at 12:58 pm
    Reply

    Slightly off topic, but I love the new ‘jump to top’ icon. How about a ‘bottom’ one as well.? I get finger friction burns from swiping repeatedly on some sites! They should be everywhere. Isn’t there any add-on?

    1. Martin Brinkmann said on July 28, 2014 at 4:22 pm
      Reply

      I don’t think so Martin. You are the first to mention the jump to top icon by the way ;)

  8. Anand said on July 28, 2014 at 11:40 am
    Reply

    To circumvent this type of problem, where one can not paste a clipboard value, I made “Paste Text Like” https://sites.google.com/site/pastetextlike/

    It allows to paste mimicking a keyboard typing, thus works on all places including website, programs, list box etc. One do not need to change the browser and will also work where you can not change anything.

    Regards,

    Anand

  9. humalaput said on July 28, 2014 at 7:27 am
    Reply

    Not working on Chrome Version 36.0.1985.125 m

    1. Martin Brinkmann said on July 28, 2014 at 7:38 am
      Reply

      The extension or the method itself?

      1. Serge said on September 12, 2017 at 2:39 am
        Reply

        Did not work for me either. Then I realized that the attribute to change is onPaste, not onCopy. May be new version

      2. humalaput said on July 29, 2014 at 5:40 am
        Reply

        the method itself.

      3. Martin Brinkmann said on July 29, 2014 at 8:13 am
        Reply

        Hm, you are right, I just checked in Chrome Stable and it does not work. Well, I suggest you try the extension then, not sure why the manual method does not work.

  10. Bob said on July 28, 2014 at 3:38 am
    Reply

    Thank you so much,
    This Stuff has been driving me mad.
    Was starting to blame Lastpass, but not so.
    Do you know of a extension for Safari?

  11. Dave said on July 27, 2014 at 11:45 pm
    Reply

    You should make an article on why everyone should disable clipboard events all the time, and why Mozilla should make it the default setting.

  12. Rick Toronto said on July 27, 2014 at 6:49 pm
    Reply

    You can also use the FF addon “secure login 1.03”. It works with all of the software giveaway sites that require an account to be setup to complete the purchase of a application on “sale”.

  13. rodzilla said on July 27, 2014 at 2:28 pm
    Reply

    I’ve said it before Martin, and I’ll say it again ………..

    Your blood is definitely worth drinking! :)

  14. Vin said on July 27, 2014 at 9:10 am
    Reply

    install https://addons.mozilla.org/en-US/firefox/addon/righttoclick/
    In options: tick only disable page cut, copy handlers then press yellow arrow in toolbar, job done.

  15. Dwight Stegall said on July 27, 2014 at 1:38 am
    Reply

    Got anymore tips of this type for other websites?

    1. Martin Brinkmann said on July 27, 2014 at 9:05 am
      Reply

      Do you have anything in particular in mind?

  16. Sylvio Haas said on July 26, 2014 at 10:00 pm
    Reply

    Martin, I was accustomed to use Phrase Express (your recommendation some time ago) to fulfill the bank agency number and account number fields in order to enter my account, and also some fields once inside the account. I could also copy and paste or use the Virtual Keyboard. My bank suddenly prohibited that procedure saying it is for the client’s security. Now I can only use the regular keyboard. Virtual Keyboard and Phrase Express cannot be used any more. After reading this article of yours I installed the Disable Clipboard Manipulation and the functionality – Copy and paste is back, but neither Phrase Express nor Virtual Keyboard work to fulfill the bank’s fields. My question to you, and I thank you right now for the answer, is: should I insist using the Copy and Paste functionality in spite of the bank’s prohibition (somehow I feel safer doing so) or is it better to use the regular keyboard and consequently exclude the Disable Clipboard Manipulation extension? Which is safer in your opinion, Copy and Paste or the use of the regular keyboard? I have Malwarebytes Anti Malware Premium installed and also Zemana AntiLogger. (Forgive my English…) Thank you.

    1. Martin Brinkmann said on July 26, 2014 at 10:47 pm
      Reply

      Copy and paste is just fine.

      1. Sylvio Haas said on July 27, 2014 at 2:46 am
        Reply

        Thank you! The art of answering in simple six words a question that demanded 978 words!!! lol

  17. Jan said on July 26, 2014 at 5:43 pm
    Reply

    The about:config change to avoid being stopped from any paste or copy is maybe the lighter and easier change for anyone using firefox or a derivative. (It is suggested in the addons linked)

    Set dom.event.clipboardevents.enabled to false, et voila

    Note this may break a little bit rich pasting into some javascript WYSIWYG editors.

    1. AntiFTW said on December 16, 2020 at 9:49 am
      Reply

      @Jan

      Made my day in 2020, as there are still sites that use this backwards principle, and your fix still works :)

  18. X said on July 26, 2014 at 5:28 pm
    Reply

    Was Ctrl-V blocked as well?

    1. Martin Brinkmann said on July 26, 2014 at 5:52 pm
      Reply

      Yes it was blocked

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.