Why do websites prevent pasting via onpaste="return false;"

5•gleenn•1d ago

Why do websites do this? Isn't it trivial for bots etc to easily side-step any protection this might give? Or is it just to make people "double-check" their inputs? I find it completely maddening because I would assume I'm way more likely to correctly input a copy-pasted e.g. routing or account number than if I have to manually enter anything. Can we just agree this is terrible UI and is probably detrimental to correct data entry? What am I missing? In frustration I even sometimes open the dev tools and remove this attribute on elements out of spite.

Comments

pwg•1d ago

> Can we just agree this is terrible UI

It is, but they had some "checklist" that included "block paste" for reasons unknown, and so they blocked pasting.

In firefox, if you change the about:config setting "dom.event.clipboardevents.enabled" to false you'll be able to paste no matter whether the website operator has "block paste" on their braindead checklist or not.

ttw44•1d ago

You're not wrong in any capacity. It's just bad and doesn't improve any "security" if that was intended.

blazeWayne•1d ago

It is a god awful pattern! It should be gotten rid of across the web.

However, I have noticed that, on some fields, the field rejects certain input without any message if the input is not the correct intended field type. For example, copying a numeric one time password from an email which gets copied as string and pasting on a field which only accepts numbers. This might look like paste blocking but its not.

Ask HN: What are good high-information density UIs (screenshots, apps, sites)?

Ask HN: RAG or shared memory for task planning across physical agents?

Ask HN: How much better are AI IDEs vs. copy pasting into chat apps?

Ask HN: Escaping a Low-Paying Nepali IT Job and Ineffective Learning Cycle

Ask HN: What would you do with the #manga chat channel in Libera IRC network?

Ask HN: Is there a service that offers Common Crawl as an API?

Ask HN: Anyone using knowledge graphs for LLM agent memory/context management?

Blazeio.SharpEvent: A Python Async Primitive That Scales to 1M Waiters with O(1)

Ask HN: AI-Filtering Browser Extension?

AI Summarizer: Summarize Web, YouTube and PDFs in Seconds–Free

Ask HN: How to get good at marketing your product and SEO?

Ask HN: How could vibe coding show the code at a high level to non-programmers?

OSUniverse: Building a Better OSWorld

Ask HN: Hackathons feel fake now

Ask HN: Are you using AI coding assistance?

Ask HN: Nvidia GeForce RTX 5060 arrives May 19 at $299 revive PC builds?

Ask HN: How do you obtain software development contracts?

Getting tired of Helm – any better way to handle deployments in Kubernetes?

Ask HN: Did Aliexpress stop shipping to US?

Why do websites prevent pasting via onpaste="return false;"

Ask HN: Help us validate our idea of an administrative app for small businesses

Ask HN: How are you managing LLM inference at the edge?

We built an AI-powered voice tool to boost sales

Ask HN: Why is the sender chat box always on the right?

Is a Smaller Internet Better?

Ask HN: What's the best framework for building Mac/Windows desktop apps in 2025?

Ask HN: Which Firefox add-ons are you using in 2025?

Ask HN: Have you used Claude Code? Is it any good?

Ask HN: Privacy concerns when using AI assistants for coding?

Ask HN: Has anyone managed to pass Meta's Access Verification?

Why do websites prevent pasting via onpaste="return false;"

Comments

Ask HN: What are good high-information density UIs (screenshots, apps, sites)?

Ask HN: RAG or shared memory for task planning across physical agents?

Ask HN: How much better are AI IDEs vs. copy pasting into chat apps?

Ask HN: Escaping a Low-Paying Nepali IT Job and Ineffective Learning Cycle

Ask HN: What would you do with the #manga chat channel in Libera IRC network?

Ask HN: Is there a service that offers Common Crawl as an API?

Ask HN: Anyone using knowledge graphs for LLM agent memory/context management?

Blazeio.SharpEvent: A Python Async Primitive That Scales to 1M Waiters with O(1)

Ask HN: AI-Filtering Browser Extension?

AI Summarizer: Summarize Web, YouTube and PDFs in Seconds–Free

Ask HN: How to get good at marketing your product and SEO?

Ask HN: How could vibe coding show the code at a high level to non-programmers?

OSUniverse: Building a Better OSWorld

Ask HN: Hackathons feel fake now

Ask HN: Are you using AI coding assistance?

Ask HN: Nvidia GeForce RTX 5060 arrives May 19 at $299 revive PC builds?

Ask HN: How do you obtain software development contracts?

Getting tired of Helm – any better way to handle deployments in Kubernetes?

Ask HN: Did Aliexpress stop shipping to US?

Why do websites prevent pasting via onpaste="return false;"

Ask HN: Help us validate our idea of an administrative app for small businesses

Ask HN: How are you managing LLM inference at the edge?

We built an AI-powered voice tool to boost sales

Ask HN: Why is the sender chat box always on the right?

Is a Smaller Internet Better?

Ask HN: What's the best framework for building Mac/Windows desktop apps in 2025?

Ask HN: Which Firefox add-ons are you using in 2025?

Ask HN: Have you used Claude Code? Is it any good?

Ask HN: Privacy concerns when using AI assistants for coding?

Ask HN: Has anyone managed to pass Meta's Access Verification?