From 8dacbbbb157359447a07ea4562ab6447dacb5f06 Mon Sep 17 00:00:00 2001
From: Ivan Gabaldon <igabaldon@inetol.net>
Date: Fri, 24 Oct 2025 11:28:07 +0200
Subject: [fix] client/simple: insecure ctx clipboard copy

Uses the deprecated [`execCommand()`](https://developer.mozilla.org/en-US/docs/Web/API/Document/execCommand)
to copy content to clipboard if accessing the instance through HTTP, this method
isn't going away soon.

Closes https://github.com/searxng/searxng/issues/5359
---
 searx/templates/simple/elements/search_url.html | 2 +-
 searx/templates/simple/preferences/cookies.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'searx/templates/simple')

diff --git a/searx/templates/simple/elements/search_url.html b/searx/templates/simple/elements/search_url.html
index a585ff70b..8f52f2f9a 100644
--- a/searx/templates/simple/elements/search_url.html
+++ b/searx/templates/simple/elements/search_url.html
@@ -1,7 +1,7 @@
 <div id="search_url" role="complementary" aria-labelledby="search_url-title">
   <details class="sidebar-collapsible">
     <summary class="title" id="search_url-title">{{ _('Search URL') }}</summary>
-    <button id="copy_url" type="submit" data-copied-text="{{ _('Copied') }}">{{ _('Copy') }}</button>
+    <button id="copy_url" type="button" class="button" data-copied-text="{{ _('Copied') }}">{{ _('Copy') }}</button>
     <div class="selectable_url">
       <pre>{{ url_for('search', _external=True) }}?q={{ q|urlencode }}&amp;language={{ current_language }}&amp;time_range={{ time_range }}&amp;safesearch={{ safesearch }}
         {%- if pageno > 1 -%}
diff --git a/searx/templates/simple/preferences/cookies.html b/searx/templates/simple/preferences/cookies.html
index 4b9d4687a..f3c74a2e9 100644
--- a/searx/templates/simple/preferences/cookies.html
+++ b/searx/templates/simple/preferences/cookies.html
@@ -51,7 +51,7 @@
       {{- preferences_url_params|e }}
     </pre>{{- '' -}}
   </div>
-  <button id="copy-hash" class="button" data-hash="{{- preferences_url_params|e -}}" data-copied-text="{{- _('Copied') -}}">{{- _('Copy') -}}</button>
+  <button id="copy-hash" type="button" class="button" data-hash="{{- preferences_url_params|e -}}" data-copied-text="{{- _('Copied') -}}">{{- _('Copy') -}}</button>
 </div>
 <h4>
   {{- _('Insert copied preferences hash (without URL) to restore') -}}:{{- '' -}}
-- 
cgit v1.2.3