Why do websites prevent pasting via onpaste="return false;"

5•gleenn•9mo ago

Why do websites do this? Isn't it trivial for bots etc to easily side-step any protection this might give? Or is it just to make people "double-check" their inputs? I find it completely maddening because I would assume I'm way more likely to correctly input a copy-pasted e.g. routing or account number than if I have to manually enter anything. Can we just agree this is terrible UI and is probably detrimental to correct data entry? What am I missing? In frustration I even sometimes open the dev tools and remove this attribute on elements out of spite.

Comments

pwg•9mo ago

> Can we just agree this is terrible UI

It is, but they had some "checklist" that included "block paste" for reasons unknown, and so they blocked pasting.

In firefox, if you change the about:config setting "dom.event.clipboardevents.enabled" to false you'll be able to paste no matter whether the website operator has "block paste" on their braindead checklist or not.

ttw44•9mo ago

You're not wrong in any capacity. It's just bad and doesn't improve any "security" if that was intended.

blazeWayne•9mo ago

It is a god awful pattern! It should be gotten rid of across the web.

However, I have noticed that, on some fields, the field rejects certain input without any message if the input is not the correct intended field type. For example, copying a numeric one time password from an email which gets copied as string and pasting on a field which only accepts numbers. This might look like paste blocking but its not.

journal•9mo ago

you can do some interesting things if you record time between character inputs and analyze across many users, almost like fingerprinting the way someone would type a unique set of characters, we'd all do it differently probably and maybe that can be fingerprinted.

LLMs are powerful, but enterprises are deterministic by nature

Ask HN: Anyone Using a Mac Studio for Local AI/LLM?

Ask HN: Ideas for small ways to make the world a better place

Ask HN: Non AI-obsessed tech forums

Ask HN: 10 months since the Llama-4 release: what happened to Meta AI?

Ask HN: Non-profit, volunteers run org needs CRM. Is Odoo Community a good sol.?

Ask HN: Who wants to be hired? (February 2026)

AI Regex Scientist: A self-improving regex solver

Ask HN: Who is hiring? (February 2026)

Tell HN: Another round of Zendesk email spam

Ask HN: Is Connecting via SSH Risky?

Ask HN: Has your whole engineering team gone big into AI coding? How's it going?

Ask HN: Why LLM providers sell access instead of consulting services?

Ask HN: What is the most complicated Algorithm you came up with yourself?

Ask HN: How does ChatGPT decide which websites to recommend?

Ask HN: Is it just me or are most businesses insane?

Ask HN: Any International Job Boards for International Workers?

Ask HN: Mem0 stores memories, but doesn't learn user patterns

Ask HN: Is there anyone here who still uses slide rules?

Kernighan on Programming

Ask HN: Anyone Seeing YT ads related to chats on ChatGPT?

Ask HN: Does global decoupling from the USA signal comeback of the desktop app?

We built a serverless GPU inference platform with predictable latency

Ask HN: How Did You Validate?

Ask HN: Does a good "read it later" app exist?

Ask HN: Have you been fired because of AI?

Ask HN: Cheap laptop for Linux without GUI (for writing)

Ask HN: Anyone have a "sovereign" solution for phone calls?

Test management tools for automation heavy teams

Ask HN: OpenClaw users, what is your token spend?