This master
branch contains the v2.x
codebase for ZeroClipboard! For the v1.x
codebase, see the 1.x-master
branch instead.
The ZeroClipboard library provides an easy way to copy text to the clipboard using an invisible Adobe Flash movie and a JavaScript interface. The "Zero" signifies that the library is invisible and the user interface is left entirely up to you.
This is achieved by automatically floating the invisible movie on top of a DOM element of your choice. Standard mouse events are even propagated out to your DOM element, so you can still have rollover and mousedown effects.
Due to browser and Flash security restrictions, this clipboard injection can ONLY occur when
the user clicks on the invisible Flash movie. A simulated click
event from JavaScript will not
suffice as this would enable clipboard poisoning.
If a handler of copy
event intends to modify the pending data for clipboard
injection, it MUST operate synchronously in order to maintain the temporarily elevated
permissions granted by the user's click
event. The most common "gotcha" for this restriction is
if someone wants to make an asynchronous XMLHttpRequest in response to the copy
event to get the
data to inject — this will not work. You must make it a synchronous XMLHttpRequest instead,
or do the work in advance before the copy
event is fired.
See Support and Browser-Specific Known Issues below.
See OS Considerations below.
See sandbox
ed iframe
Limitations below.
See Cross-Protocol Limitations and file://
Protocol Limitations below.
npm install zeroclipboard
bower install zeroclipboard
spm install zeroclipboard
component install zeroclipboard/zeroclipboard
For any PHP Composer users, ZeroClipboard is also available on Packagist.
For any Rails users, the zeroclipboard-rails
Ruby Gem is available to automatically add ZeroClipboard into your Rails asset pipeline.
If you'd like to use ZeroClipboard hosted via a CDN (content delivery network), you can try:
To use the library, simply include the following JavaScript file in your page:
<script type="text/javascript" src="ZeroClipboard.js"></script>
You also need to have the "ZeroClipboard.swf
" file available to the browser. If this file is
located in the same directory as your web page, then it will work out of the box. However, if the
SWF file is hosted elsewhere, you need to set the URL like this (place this code after the script
tag):
ZeroClipboard.config( { swfPath: "http://YOURSERVER/path/ZeroClipboard.swf" } );
If you intend to use the minified version of ZeroClipboard, you will likely also want to do one of the following two things:
- Include the SourceMap file ("ZeroClipboard.min.map") in the same hosted directory in order to be able to debug as unminified JavaScript in your browser dev tools.
- Open the "ZeroClipboard.min.js" file and remove the last line. It is a comment that begins with
//# sourceMappingURL=
. Removing this line will prevent the browsers' dev tools from requesting the file.
The SourceMap is not required for normal operation and typically will not be requested by the browser unless the dev tools are open. If you do NOT include the SourceMap in your hosted directory [or remove the sourceMappingURL
comment], then you may see a variety of confusing warnings in your dev tools' JavaScript console:
[Error] Failed to load resource: the server responded with a status of 404 (Not Found) (ZeroClipboard.min.map, line 0)
http://YOURSERVER/path/ZeroClipboard.min.js is being assigned a //# sourceMappingURL, but already has one
You may not see any error message in Chrome's console. However, you will likely see 404 responses in the Network tab, e.g.
ZeroClipboard.min.map 404 (Not Found)
You will likely see an error message in the Debugger tab.
Now you are ready to create one or more clients. A client is a single instance of the clipboard library on the page, linked to one or more DOM elements. Here is how to create a client instance:
var client = new ZeroClipboard();
You can also include an element or array of elements in the new client. **This example uses jQuery to find "copy buttons".
var client = new ZeroClipboard($(".copy-button"));
For the full API documentation, see api/ZeroClipboard.md. The full set of Configuration Options are also documented there.
For developers who want to wrap ZeroClipboard into a 3rd party plugin (e.g. jquery.zeroclipboard), see the api/ZeroClipboard.Core.md documentation instead.
Setting the clipboard text can be done in 4 ways:
-
Add a
copy
event handler in which you callevent.clipboardData.setData
to set the appropriate data. This event is triggered every time ZeroClipboard tries to inject into the clipboard. Example:client.on( "copy", function (event) { var clipboard = event.clipboardData; clipboard.setData( "text/plain", "Copy me!" ); clipboard.setData( "text/html", "<b>Copy me!</b>" ); clipboard.setData( "application/rtf", "{\\rtf1\\ansi\n{\\b Copy me!}}" ); });
-
Set the "text/plain" [and usually "text/html"] clipboard segments via
data-clipboard-target
attribute on the button. ZeroClipboard will look for the target element via ID and try to get the HTML value via.value
,.outerHTML
, or.innerHTML
, and the text value via.value
,.textContent
, or.innerText
. If the HTML and text values for the targeted element match, the value will only be placed into the "text/plain" segment of the clipboard (i.e. the "text/html" segment will cleared).
<button id="my-button_text" data-clipboard-target="clipboard_text">Copy to Clipboard</button>
<button id="my-button_textarea" data-clipboard-target="clipboard_textarea">Copy to Clipboard</button>
<button id="my-button_pre" data-clipboard-target="clipboard_pre">Copy to Clipboard</button>
<input type="text" id="clipboard_text" value="Clipboard Text"/>
<textarea id="clipboard_textarea">Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</textarea>
<pre id="clipboard_pre">Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</pre>
- Set the "text/plain" clipboard segment via
data-clipboard-text
attribute on the button. Doing this will let ZeroClipboard take care of the rest.
<button id="my-button" data-clipboard-text="Copy me!">Copy to Clipboard</button>
- Set the data via the
ZeroClipboard.setData
(any segment) method. You can call this function at any time: when the page first loads, or later like in acopy
event handler. Example:
ZeroClipboard.setData( "text/plain", "Copy me!" );
The important caveat of using ZeroClipboard.setData
is that the data it sets is transient and will only be used for a single copy operation. As such, we do not particularly
recommend using ZeroClipboard.setData
(and friends) other than inside of a copy
event handler; however, the API will not prevent you from using it in other ways.
- Set the data via the
client.setText
("text/plain" segment),client.setHtml
("text/html" segment),client.setRichText
("application/rtf" segment), orclient.setData
(any segment) methods. You can call this function at any time: when the page first loads, or later like in acopy
event handler. Example:
client.setText( "Copy me!" );
The important caveat of using client.setData
(and friends) is that the data it sets is transient and will only be used for a single copy operation. As such, we do not particularly
recommend using client.setData
(and friends) other than inside of a copy
event handler; however, the API will not prevent you from using it in other ways.
Clipping refers to the process of "linking" the Flash movie to a DOM element on the page. Since the Flash movie is completely transparent, the user sees nothing out of the ordinary.
The Flash movie receives the click event and copies the text to the clipboard. Also, mouse actions like hovering and mousedown
generate events that you can capture (see Event Handlers below).
To clip elements, you must pass an element, or array of elements to the clip
function.
Here is how to clip your client library instance to a DOM element:
client.clip( document.getElementById("d_clip_button") );
You can pass in a reference to the actual DOM element object itself or an array of DOM objects. The rest all happens automatically: the movie is created, all your options set, and it is floated above the element, awaiting clicks from the user.
<button id="my-button" data-clipboard-text="Copy me!" title="Click to copy to clipboard.">Copy to Clipboard</button>
And the code:
var client = new ZeroClipboard( $("button#my-button") );
Since the Flash movie is floating on top of your DOM element, it will receive all the mouse events before the browser has a chance to catch them. However, for convenience, these events are passed through to your clipboard client which you can capture (see Event Handlers below), so long as the bubbleEvents
configuration property remains set to true
.
In addition to this, ZeroClipboard can also manage CSS classes on the clipped elements that mimic the CSS pseudo-classes ":hover" and ":active" on your DOM element. This essentially allows your elements to behave normally, even though the floating Flash movie is the first object receiving all the mouse events during the event bubbling phase. These "pseudo-pseudo-class" names are configurable via the hoverClass
and activeClass
configuration properties.
Example CSS, targeting a DOM element with a class of "clip_button":
.clip_button {
width: 150px;
text-align: center;
border: 1px solid black;
background-color: #ccc;
margin: 10px;
padding: 10px;
}
.clip_button.zeroclipboard-is-hover { background-color: #eee; }
.clip_button.zeroclipboard-is-active { background-color: #aaa; }
The following are complete, working examples of using the clipboard client library in HTML pages.
Here is a quick example using as few calls as possible:
<html>
<body>
<div id="d_clip_button" class="clip_button" data-clipboard-text="Copy Me!" title="Click to copy." style="border:1px solid black; padding:20px;">Copy To Clipboard</div>
<script type="text/javascript" src="ZeroClipboard.js"></script>
<script type="text/javascript">
var client = new ZeroClipboard( document.getElementById('d_clip_button') );
</script>
</body>
</html>
When clicked, the text "Copy me!" will be copied to the clipboard.
Here is a more complete example which exercises many of the configuration options and event handlers:
<html>
<head>
<style type="text/css">
.clip_button {
text-align: center;
border: 1px solid black;
background-color: #ccc;
margin: 10px;
padding: 10px;
}
.clip_button.zeroclipboard-is-hover { background-color: #eee; }
.clip_button.zeroclipboard-is-active { background-color: #aaa; }
</style>
</head>
<body>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<script type="text/javascript" src="ZeroClipboard.js"></script>
<div class="clip_button">Copy To Clipboard</div>
<div class="clip_button">Copy This Too!</div>
<script type="text/javascript">
var client = new ZeroClipboard( $('.clip_button') );
client.on( 'ready', function(event) {
// console.log( 'movie is loaded' );
client.on( 'copy', function(event) {
event.clipboardData.setData('text/plain', event.target.innerHTML);
} );
client.on( 'aftercopy', function(event) {
console.log('Copied text to clipboard: ' + event.data['text/plain']);
} );
} );
client.on( 'error', function(event) {
// console.log( 'ZeroClipboard error of type "' + event.name + '": ' + event.message );
ZeroClipboard.destroy();
} );
</script>
</body>
</html>
- JSFiddle
- CodePen
- JSBin
ZeroClipboard creates DOM elements with pre-configured attributes, e.g. a div
element with an ID of "global-zeroclipboard-html-bridge"
to encapsulate the Flash object.
If you have a need to change the default values, they can be configured by passing in values for containerId
, containerClass
, and/or swfObjectId
using the ZeroClipboard.config
method. Configuration of these values is completely optional. These values cannot be reconfigured while the ZeroClipboard SWF is actively embedded, and so are completely ignored during that time.
Values for containerId
and swfObjectId
are validated against the HTML4 spec for ID
and Name
tokens.
If using AMD with a library such as RequireJS, etc., you shouldn't need to do any special configuration for ZeroClipboard to work correctly as an AMD module.
If using CommonJS with a library such as Browserify, Webmake, etc., you shouldn't need to do any special configuration for ZeroClipboard to work correctly as an CommonJS module.
- Cause: Bootstrap's Modal has an
enforceFocus
function that tries to keep the focus on the modal. However, since the ZeroClipboard container is an immediate child of thebody
, this enforcement conflicts. Note that this workaround actually overrides a core Bootstrap Modal function, and as such must be kept in sync as this function changes in future versions of Bootstrap. - Workaround: Targeted against Bootstrap v3.x.
if (/MSIE|Trident/.test(window.navigator.userAgent)) {
(function($) {
var zcContainerId = ZeroClipboard.config('containerId');
$('#' + zcContainerId).on('focusin', false);
})(window.jQuery);
}
if (/MSIE|Trident/.test(window.navigator.userAgent)) {
(function($) {
var zcClass = '.' + ZeroClipboard.config('containerClass');
var proto = $.fn.modal.Constructor.prototype;
proto.enforceFocus = function() {
$(document)
.off('focusin.bs.modal') /* Guard against infinite focus loop */
.on('focusin.bs.modal', $.proxy(function(e) {
if (this.$element[0] !== e.target &&
!this.$element.has(e.target).length &&
/* Adding this final condition check is the only real change */
!$(e.target).closest(zcClass).length
) {
this.$element.focus();
}
}, this));
};
})(window.jQuery);
}
- Cause: jQuery UI's Dialog (with
{ modal: true }
set) has a_keepFocus
function that tries to keep the focus on the modal. However, since the ZeroClipboard container is an immediate child of thebody
, this enforcement conflicts. Luckily, jQuery UI offers more natural extension points than Bootstrap, so the workaround is smaller and less likely to be broken in future versions. - Workaround: Targeted against jQuery UI v1.10.x.
if (/MSIE|Trident/.test(window.navigator.userAgent)) {
(function($) {
var zcClass = '.' + ZeroClipboard.config('containerClass');
$.widget( 'ui.dialog', $.ui.dialog, {
_allowInteraction: function( event ) {
return this._super(event) || $( event.target ).closest( zcClass ).length;
}
} );
})(window.jQuery);
}
This library is fully compatible with Flash Player 11.0.0 and above, which requires that the clipboard copy operation be initiated by a user click event inside the Flash movie. This is achieved by automatically floating the invisible movie on top of a DOM element of your choice. Standard mouse events are even propagated out to your DOM element, so you can still have rollover and mousedown effects with just a little extra effort.
ZeroClipboard v2.x
is expected to work in IE9+ and all of the evergreen browsers.
Although support for IE7 & IE8 was officially dropped in v2.0.0
, it was actually
still technically supported through v2.0.2
.
- Issue #459
- Problem: Both the implicit observation of clipped elements'
cursor
CSS property and theforceHandCursor: true
Configuration Option cannot be honored in Opera's NPAPI Flash Player plugin. - Workaround: End users must install both Opera 24+ AND the separate PPAPI Flash Player plugin that is currently only available in Adobe Flash Player 16 Beta (look for the OS-specific download entitled "Download Flash Player for Opera and Chromium based applications – PPAPI"). Beginning with Opera 27 (currently in the alpha/dev channel cycle), Opera will automatically warn users that only have the NPAPI Flash Player plugin installed and guide them into installing the PPAPI Flash Player plugin from Adobe.
- Problem: Both the implicit observation of clipped elements'
Because ZeroClipboard will be interacting with your users' system clipboards, there are some special considerations specific to the users' operating systems that you should be aware of. With this information, you can make informed decisions of how your site should handle each of these situations.
-
If you want to ensure that your Windows users will be able to paste their copied text into Windows Notepad and have it honor line breaks, you'll need to ensure that the text uses the sequence
\r\n
instead of just\n
for line breaks. If the text to copy is based on user input (e.g. atextarea
), then you can achieve this transformation by utilizing thecopy
event handler, e.g.client.on('copy', function(event) { var text = document.getElementById('yourTextArea').value; var windowsText = text.replace(/\n/g, '\r\n'); event.clipboardData.setData('text/plain', windowsText); });
-
The Linux Clipboard system (a.k.a. "Selection Atoms" within the X Consortium's Standard Inter-Client Communication Conventions Manual) is a complex but capable setup. However, for normal end users, it stinks. Flash Player's Clipboard API can either:
- Insert plain text into the "System Clipboard" and have it available everywhere; or
- Insert plain, HTML, and RTF text into the "Desktop Clipboard" but it will only be available in applications whose UI are managed by the Desktop Manager System (e.g. GNOME, etc.). This, for example, means that a user on a typical Linux configuration would not be able to paste something copied with ZeroClipboard into a terminal shell but they may still be able to paste it into OpenOffice, the browser, etc.
As such, the default behavior for ZeroClipboard while running on Linux is to only inject plain text into the "System Clipboard" to cover the most bases. If you want to ignore that caution and use the "Desktop Clipboard" anyway, just set the
forceEnhancedClipboard
configuration option totrue
, i.e.:ZeroClipboard.config({ forceEnhancedClipboard: true });
Also, a final related behavioral caveat: if the pending clipboard data ONLY contains data of the format
"text/plain"
, ZeroClipboard will intelligently choose to use the "System Clipboard" regardless of theforceEnhancedClipboard
configuration property value.
The sandbox
attribute of the iframe
element (new in HTML5, supported in IE10+ and all other evergreen browsers) provides web developers with a way tighten the restrictions on framed content beyond what Content Security Policy (CSP) provides for unsandbox
ed cross-origin iframe
s. With the sandbox
attribute, you can instruct the browser to load a specific frame's content in a low-privilege environment, starting with the least privilege possible and then whitelisting the necessary subset of capabilities.
It is also very important to note, however, that the sandbox
attribute takes away some privileges from the framed content that CANNOT be whitelisted "back in". For example, any framed page running in a sandbox absolutely cannot run native plugins (e.g. Flash, Silverlight, Java, etc.). This decision was made because native plugins run unmanaged code that the browser cannot offer any further security verifications on, and are frequently sourced from third parties.
As such, ZeroClipboard is completely unusable inside of a sandbox
ed iframe
. Best efforts have been taken to detect sandboxing and notify consumers via an error
event (error[name = "flash-sandboxed"]
) but, unfortunately, not all configurations of sandboxing can be reliably detected from within the framed content.
This sandboxing is also why ZeroClipboard cannot be used as normal on many online code playground sites like JSFiddle, CodePen, etc. However, we have put together a few "starter snippets" for such sites to get you up and running quickly.
For a deeper analysis and a few "naughty" workarounds (which only work in limited situations), check out the sandblaster.js (JamesMGreene/sandblaster) project.
- HTML5 Rocks 🤘 article on
sandbox
ediframe
s - HTML spec:
iframe
sandbox
attribute - HTML spec: Browser sandboxing
- HTML5 Rocks 🤘 article on Content Security Policy (CSP)
ZeroClipboard was intentionally configured to not allow the SWF to be served from a secure domain (HTTPS) but scripted by an insecure domain (HTTP).
If you find yourself in this situation (as in Issue #170), please consider the following options:
- Serve the SWF over HTTP instead of HTTPS. If the page's protocol can vary (e.g. authorized/unauthorized, staging/production, etc.), you should include add the SWF with a relative protocol (
//s3.amazonaws.com/blah/ZeroClipboard.swf
) instead of an absolute protocol (https://s3.amazonaws.com/blah/ZeroClipboard.swf
). - Serve the page over HTTPS instead of HTTP. If the page's protocol can vary, see the note on the previous option (1).
- Fork ZeroClipboard and update "src/flash/ZeroClipboard.as" to call the
allowInsecureDomain
method as needed, then recompile the SWF with your custom changes.
If you want to either use ZeroClipboard on a page hosted via the file://
protocol or serve ZeroClipboard's assets via the file://
protocol, you are almost guaranteed to run into some roadblocks due to Flash Player security restrictions. Whether you will be able to work around these roadblocks depends heavily on the specifics of the browser and Flash Player plugin being used.
The various potential and/or partial workarounds are detailed below. We recommend trying them in the order they are listed, with the exception of any that are not applicable to your browser/Flash setup.
Do you really need to be hosting this via the file://
protocol? If not, please don't: it may turn into a neverending (or outright losing) security configuration battle for you.
We recommend that you instead just get a simple HTTP server installed and use it. Many HTTP server applications exist today that don't even require configuration or proper "installation", they are just executable files that can dynamically host the current working directory (or accept command line configuration options). Simple, easy, done.
But, if you really do need to be hosting this via the file://
protocol, please read on... and we wish you much-needed luck.
Rarely, for some browser/Flash setups, you can bypass this security restriction as easily as specifically
configuring ZeroClipboard to trust ALL domains for SWF interaction via a wildcard. This
configuration must be set before creating ZeroClipboard client instances as a typical consumer,
or before calling ZeroClipboard.create()
in a 3rd party wrapper:
ZeroClipboard.config({ trustedDomains: ["*"] });
This wildcard configuration should NOT be used in environments hosted over HTTP/HTTPS.
If you are using any browser with the traditional NPAPI Flash Player plugin enabled AND preferred
(i.e. PPAPI Flash Player plugins are not supported, are not installed, or are disabled for the browser
instance in question) or using the PPAPI Flash Player plugin v16.0.0
(or higher), you can edit your
system-level Flash Player security settings to whitelist your SWF URL using the Flash Player
Local Settings Manager:
- Open the Flash Player Local Settings Manager via your system's OS-specific access procedure.
- Go to the "Advanced" tab.
- Locate the "Developer Tools" subsection (may require you to scroll down).
- Click the "Trusted Location Settings..." button.
- Click "Add location" (may be represented as a
+
button). - Add the absolute path of your local "ZeroClipboard.swf" file to the trusted files whitelist.
This should work for all NPAPI Flash Player plugins. However, this may not work for all PPAPI Flash Player plugins.
If you are using any browser with the traditional NPAPI Flash Player plugin enabled AND preferred (i.e. PPAPI Flash Player plugins are not supported, are not installed, or are disabled for the browser instance in question), you can edit your device-level NPAPI Flash Player security settings to whitelist your SWF URL using the Flash Player Online Settings Manager:
- Using the same browser, go to the Adobe Flash Player Online Settings Manager page.
- In the small embedded Flash app (which looks more like a screen capture rather than an interactive UI), click "Add location". This may be inside of an "Edit locations..." dropdown menu.
- Add the absolute path of your local "ZeroClipboard.swf" file to the trusted files whitelist.
Some versions of Flash also include an "allow all" option in the Global Settings Manager.
This should work for all NPAPI Flash Player plugins. However, this WILL NOT work for any PPAPI Flash Player plugins.
If you are using a PPAPI Flash Player plugin and all of the aforementioned workarounds combined still didn't allow you to bypass this security restriction, you have officially run out of proper workarounds as you have almost certainly run into the even more restrictive security model in Chromium's "Pepper" (PPAPI) Flash layer. This elevated security will affect PPAPI Flash Player plugin usage in Chromium, Chrome Canary, Chrome, and possibly all Blink-based versions of Opera.
At this point, your only remaining option is to disable your PPAPI Flash Player plugin and fallback to an NPAPI Flash Player plugin instead.
If you are unwilling to disable your PPAPI Flash Player plugin, your goal has now officially been defeated by Flash Player's security restrictions. You should now reconsider our earlier recommendation to stop hosting it over the file://
protocol... we tried to warn you!