Keepassxc: Windows 10 October 2018 update breaks clipboard clearing feature

I did a little (tiny) bit of research and found a UWP API to control what gets stored in history. I do not know if there is a Win32 API for this??

https://github.com/Microsoft/Windows-universal-samples/blob/master/Samples/Clipboard/cpp/CopyText.xaml.cpp

could this work? i have no idea about the windows api :/

https://docs.microsoft.com/en-us/windows/desktop/api/Winuser/nf-winuser-emptyclipboard

Not likely because the new clipboard history is a totally separate application from the actual "clipboard". That function clears the clipboard proper, what we really want is to signal that "this particular item" in the clipboard should NOT be stored in the history.

I'm not too sure about how to use native APIs in conjunction with QT/QClipboard, but this is the C# property to not store data in clipboard history - ClipboardContentOptions.IsAllowedInHistory. It's used with Clipboard.SetContentWithOptions().

If someone can give me pointers on how to get started using platform specific APIs with QT clipboard, I can have a go at implementing this.

As far as I can tell, it should just be a question of setting the relevant "no history" option when saving text to clipboard in Clipboard::setText().

This really needs to be implemented in Qt. Once you hand off the contents you want in the clipboard to Qt, you have very little control besides mime data.

Small hack that kinda works - Win+V to open clipboard, Del to delete the clipboard entry (or Tab until the focus is on the clear all button, then space or enter). KeePass could do this after the time period passes.

@chandradeepdey Doesn't seem like a good way to go - deleting first item won't always work, because someone may copy new data between pasting the password and the clearing timeout. And clearing all isn't a good solution either, as users will complain about their unrelated clipboard history being lost. I think it might just be best to request/wait for Qt to support some way of accessing this API in QClipboard.

Has somebody checked if QT is aware of this?? Because I guess we would like that fast. But first we might have to write something about this limitation. That might include option to turn this windows feature off for now?

For me ctrl-c/ctrl-b does not even put anything in clipboard if 'clear clipboard' is turned on. If I turn it off it works to copy the data. But it never gets cleared.

Just to add, I am running KeePassXC 2.4.0 with Qt 5.12.1 and libgcrypt 1.8.4.

I have not checked Qt.

After searching for other software having problem with this and not finding anything I wonder if this is a problem. Next would be to write a small example.

QT does OleSetClipboard(0) to clear the clipiboard. But for me I am not sure this is the problem. For me maybe it is a timer problem. :(

@jpyllman For me the legacy clipboard is unaffected, this issue only affects the modern clipboard. Have you tried setting the timer for "clear clipboard" higher?

Also, the issue is quite opposite of that in #2862 in that the clipboard stores data and doesn't clear them (because it isn't being told to clear) instead of not storing them in the first place.

Yes, I realize that too. My problem should probably be in a separate issue. I am just not sure what is causing this. I have been looking through KeePassXC code to see something. And there is nothing. Only little question is why do different with clipboard() and QApplication::clipboard().

Sorry about my rumblings. My problems was about "lock on minimize" and "minimize on copy". So "these are not the bugs you are looking for". Thanks. Just some crazy thought different timing on "lock database after inactivity", maybe have different on still open and minimized.

There is a solution for the problem. The classic KeePass have an option to exclude copied passwords from the clipboard history. So the password would be only in the classic clipboard which can be cleared automatically as before. It would be nice to add that feature to KeePassXC too and activate it as the default for Windows 10 users.
https://sourceforge.net/p/keepass/discussion/329221/thread/1c20573562/#3b0a

https://github.com/keepassxreboot/keepassxc/issues/2358#issuecomment-521951330 @droidmonkey could this help?

Possibly, haven't had the time to look into this issue. Sometimes the .NET/UWP API is more capable than the C API. This is more likely the case for recent Windows additions such as the shared clipboard.

This is a big security issue. Are you working on it? I'm still using classic keepass to avoid this situation.

Shared clipboards are a security issue no matter how you cut it. Just disable that feature.

Shared clipboards are a security issue no matter how you cut it. Just disable that feature.

I don't fully agree. You may want to track some blocks of text, pictures, filepaths, etc. But you will never want to see your password there. Keepassxc needs to implement the "exclude copied passwords from the clipboard history" as classic keepass does.

So here's the problem. We use QClipboard to allow for easy and seamless use of the clipboard across platforms. Qt has not implemented an interface with the new Windows clipboard. In order to fix this security issue we will have to totally reimplement the clipboard interface using WinRT function calls similar to what this example project uses:

https://github.com/microsoft/Windows-universal-samples/blob/master/Samples/Clipboard/cppwinrt/CopyText.cpp
https://docs.microsoft.com/en-us/uwp/api/windows.applicationmodel.datatransfer.clipboard.setcontentwithoptions?view=winrt-19041

I do not think this is possible for a Mingw-based application like ours. This is the same reason why interfacing with Windows Hello is looking to be impossible. Instead of simply using mime-based means to declare clipboard items as no-history/no-roam (like Klipper uses), Microsoft embedded it into an API.

Thank you very much for your explanation @droidmonkey . Will help to understand why this is not being addressed :)