From 8dacbbbb157359447a07ea4562ab6447dacb5f06 Mon Sep 17 00:00:00 2001 From: Ivan Gabaldon Date: Fri, 24 Oct 2025 11:28:07 +0200 Subject: [fix] client/simple: insecure ctx clipboard copy Uses the deprecated [`execCommand()`](https://developer.mozilla.org/en-US/docs/Web/API/Document/execCommand) to copy content to clipboard if accessing the instance through HTTP, this method isn't going away soon. Closes https://github.com/searxng/searxng/issues/5359 --- client/simple/src/js/main/keyboard.ts | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) (limited to 'client/simple/src/js/main/keyboard.ts') diff --git a/client/simple/src/js/main/keyboard.ts b/client/simple/src/js/main/keyboard.ts index b5e5d4edc..f165a601a 100644 --- a/client/simple/src/js/main/keyboard.ts +++ b/client/simple/src/js/main/keyboard.ts @@ -407,12 +407,31 @@ const toggleHelp = (keyBindings: typeof baseKeyBinding): void => { }; const copyURLToClipboard = async (): Promise => { - const currentUrlElement = document.querySelector(".result[data-vim-selected] h3 a"); - assertElement(currentUrlElement); + const selectedResult = document.querySelector(".result[data-vim-selected]"); + if (!selectedResult) return; - const url = currentUrlElement.getAttribute("href"); + const resultAnchor = selectedResult.querySelector("a"); + assertElement(resultAnchor); + + const url = resultAnchor.getAttribute("href"); if (url) { - await navigator.clipboard.writeText(url); + if (window.isSecureContext) { + await navigator.clipboard.writeText(url); + } else { + const selection = window.getSelection(); + if (selection) { + const node = document.createElement("span"); + node.textContent = url; + resultAnchor.appendChild(node); + + const range = document.createRange(); + range.selectNodeContents(node); + selection.removeAllRanges(); + selection.addRange(range); + document.execCommand("copy"); + node.remove(); + } + } } }; -- cgit v1.2.3