Does Tahoe's Clipboard History feature support NSPasteboard.org's standards?

Question

Created 1w

Replies 5

Boosts 0

Participants 2

I have sadly not found any updated documentation regarding NSPasteboard or clipboard history in Spotlight on macOS Tahoe.

However...

It seems to support the standards outlined in NSPasteboard.org.

Here's my example code in macOS 26.0 Beta:

private func addPasswordToClipboardAsSimpleString() {
    NSPasteboard.general.declareTypes([.string], owner: nil)
    NSPasteboard.general.setString("Insecure password :(", forType:
.string)
}

private func addPasswordToClipboardAsNSPasteboardOrgString() {
    NSPasteboard.general.declareTypes(
        [
            .string,
            .init("org.nspasteboard.ConcealedType"),
            .init("org.nspasteboard.TransientType")
        ],
        owner: nil
    )
    
    NSPasteboard.general.setString(
        "Secure password :)",
        forType: .string
    )
}

When calling addPasswordToClipboardAsSimpleString(), the string is always visible in clipboard history in spotlight.

When calling addPasswordToClipboardAsNSPasteboardOrgString(), the string is not visible in clipboard history in spotlight. Once the org.nspasteboard.* types are removed from the declaration, the item is visible in clipboard history.

Can someone from Apple confirm what the behavior of the clipboard history is regarding NSPasteboard.org standards? Or is there an official API to mark a confidential (e.g. password) item that I write to NSPasteboard.general not show up in Spotlight's clipboard history?

Boost

Answer 1

Etresoft OP

1w

There are no "standards" at NSPasteboard.org. That's just somebody's web site.

The pasteboard is not a safe place for confidential data. Any data put into the pasteboard should be assumed to be permanently recorded in plain text in some very obscure locations, possibly shared with local devices, and depending on 3rd party apps, shared in the cloud.

0

Answer 2

Etresoft OP

1w

It's better to respond with a reply. I just randomly checked some of my old replies to look for comments and found this.

I'm not sure what you're asking. It may be just a bug with clipboard history in Spotlight. Isn't that still in beta? When you added those strings (deprecated by the way) to the declared types list, that might cause spotlight history to omit this information. But there's definitely no kind of data security going on or anything. You put something on the pasteboard, it's there for all apps to see.

0

Answer 3

berd-lp OP

1w

But there's definitely no kind of data security going on or anything. You put something on the pasteboard, it's there for all apps to see.

I've never said this wasn't the case. I said it doesn't show up in macOS Tahoe's clipboard history, just like it doesn't show up in the clipboard history of 3rd-party apps supporting NSPasteboard.org's protocols.

1

Answer 4

Etresoft OP

1w

If you think the behaviour of the system is wrong, file a bug report.

Just don't assume there is any security in the pasteboard.

0

Answer 5

berd-lp OP

1w

I really recommend going back to reading my original post.

I asked a yes or no question, does Apple's clipboard history in Tahoe support the NSPasteboard.org protocols, because my code seems to be confirming that. (Not to mention their own Passwords app's items don't show up on the clipboard either.)

You are adding your own agenda about security and bugs. I've never implied either of those things, and was not talking about them either.

0