| Summary: | KDE Connect ignores "Exclude passwords" option on macOS | ||
|---|---|---|---|
| Product: | [Applications] kdeconnect | Reporter: | Pavel N <nedomik> |
| Component: | macos-application | Assignee: | Ruixuan Tu <turx2003> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | nicolas.fella |
| Priority: | NOR | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Other | ||
| OS: | macOS | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
The current support for this is only implemented on Linux using a similar MIME type check: https://invent.kde.org/network/kdeconnect-kde/-/blob/master/plugins/clipboard/clipboardlistener.cpp#L64 |
SUMMARY KDE Connect clipboard synchronization shares passwords copied from KeePassXC, even though the clipboard content is marked as sensitive by the application and the option to "Include passwords" is disabled. STEPS TO REPRODUCE 1) Install KDE Connect on macOS Sonoma 14.6.1 (ARM version, kdeconnect-kde-master-4354-macos-clang-arm64.dmg). 2) Configure the Clipboard plugin in KDE Connect to automatically share the clipboard, but disable the "Include passwords (as marked by password managers)" option. 3) Copy a password using KeePassXC (version 2.7.8). 4) Observe that the password is synced to the connected phone, even though it should be excluded. OBSERVED RESULT When copying a password from KeePassXC, the clipboard is populated with several MIME types, including: "org.nspasteboard.ConcealedType" "com.trolltech.anymime.application--x-nspasteboard-concealed-type" These types are added by KeePassXC to indicate that the clipboard content is sensitive. However, KDE Connect still shares this content with connected devices, despite the "Include passwords" option being disabled. EXPECTED RESULT KDE Connect should detect these MIME types (specifically org.nspasteboard.ConcealedType and com.trolltech.anymime.application--x-nspasteboard-concealed-type) that mark clipboard content as sensitive and avoid sharing the clipboard content with connected devices, particularly when the "Include passwords" option is disabled. SOFTWARE/OS VERSIONS macOS: Sonoma 14.6.1 KDE Connect Version: kdeconnect-kde-master-4354-macos-clang-arm64.dmg (nightly version) KeePassXC Version: 2.7.8 ADDITIONAL INFORMATION When copying a password from KeePassXC, the clipboard on macOS includes MIME types that indicate sensitive data, added by KeePassXC. KDE Connect should respect these MIME types to avoid sharing clipboard content marked as sensitive. The exact MIME types returned by macOS are as follows: {"public.utf8-plain-text", "com.apple.traditional-mac-plain-text", "public.utf16-plain-text", "public.text", "com.trolltech.anymime.text--plain", "org.nspasteboard.ConcealedType", "com.trolltech.anymime.application--x-nspasteboard-concealed-type"}