The rule of thumb to counter this is to programmatically eliminate user error on the server side. This means that if you're expecting a phone number in the format "(555) 555-1212" and the user enters it as "555.555-1212", you either return an error or fix the entry and process the data anyway. Removing the user's ability to type a period solves only that one case. It does not stop a user from typing "555 55 5 - 1212".
I recently had this "discussion" with the good folks at @CreditKarma in 140 characters or less. They told me what I expected, but 140 characters isn't enough to tell why using JavaScript to turn off a browser feature is ultimately stupid and pointless.
Overall, JavaScript should be used to enhance the browsing experience. Disabling paste, blocking the right mouse click, and obfuscating image URLs all cheapen the user experience because the browser does not do what the user expects. A user should not have to jump through digital hoops to be able to use a website in the way they would like.
Specifically, pasting is something that most people do every day. They expect every application, whether it's Microsoft Word or their favorite browser, to do what they've come to expect when pressing "Ctrl-V".
On the other hand, as a web developer, I understand why folks like Credit Karma choose to prevent pasting via JavaScript. It's cheaper to write one line to stop pasting than it is to actually test user input. Testing user input properly takes more programming hours, because each possibility has to be covered. Furthermore, you run the risk that the user was stupid and accidentally fat-fingered something in one box and then pasted it in another. I will admit that I have done this.
This is NO excuse for disabling a critical feature of the browser. However, if you simply MUST do this, consider the following:
- What frustrated me the most is that there was no feedback as to why paste did not work. INFORM THE USER that paste has been disabled and offer a reason. They may not like it, but at least they know that the problem *isn't* between the monitor and keyboard.
- PROVIDE A WAY TO PASTE ANYWAY. A switch, a preference...anything that says, "Hey, if you want to paste, we'll let you, but be sure you know what you're doing." Doing this will help people like me who get frustrated and then write Greasemonkey scripts fixing your mess.
- No matter what client-side solution you create, a user will find a way to mess things up so BE PREPARED TO HELP THEM. Users make mistakes. Give them a way to fix these mistakes instead of forcing them with the digital equivalent of cattle prods. Guide them by giving them clear and concise instructions.
- DO NOT RELY ON JAVASCRIPT TO FIX YOUR CARELESSNESS. Users expect their browser to behave in a specific way. Things like autocomplete are a great way to augment the user experience. However, forcing the user to wait while their browser counts down to 30 seconds is ridiculous when a crafty user can just read the source to get the final URL. Furthermore, blocking the word "DROP" via JavaScript doesn't mean that they won't type in "; DROP TABLE customers".
- Finally, DO NOT "EDIT WAR". If people are downloading and using my script, it's because they are frustrated like me. Listen to your users. The frustration that we feel doesn't color your company well. Web development is like electricity: we don't think about it until something goes wrong. And users will make sure you hear them loud and clear.
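The server-side handling argued for above, for both the phone-number rule of thumb and the "DROP" point, as an added example that is not code from Credit Karma or from the Greasemonkey script. It assumes 10-digit North American numbers and a hypothetical `customers` table in an in-memory SQLite database; the function names are illustrative.

```python
import re
import sqlite3


def normalize_phone(raw):
    """Return the canonical '(555) 555-1212' form, or None if unrepairable."""
    # Tolerate digits and common separators only; anything else is an error.
    if not re.fullmatch(r"[\d\s().+-]*", raw):
        return None
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop a leading country code
    if len(digits) != 10:  # assumption: North American 10-digit numbers
        return None
    return f"({digits[:3]}) {digits[3:6]}-{digits[6:]}"


def save_customer(db, name, phone_raw):
    """Validate on the server, then store using bound parameters."""
    phone = normalize_phone(phone_raw)
    if phone is None:
        # Tell the user what is wrong instead of silently blocking input.
        raise ValueError("Phone number needs 10 digits, e.g. (555) 555-1212")
    # Placeholders keep the name as plain data, so no keyword filter is needed.
    db.execute("INSERT INTO customers (name, phone) VALUES (?, ?)", (name, phone))
    return phone


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, phone TEXT)")
    # Constructed inputs: the phone formats and the SQL fragment from the post.
    save_customer(db, "Alice", "555.555-1212")
    save_customer(db, "Bob", "555 55 5 - 1212")
    save_customer(db, "; DROP TABLE customers", "(555) 555-1212")
    return db.execute("SELECT name, phone FROM customers ORDER BY rowid").fetchall()


if __name__ == "__main__":
    for row in demo():
        print(row)
```

None of this depends on what the browser allowed the user to type or paste, which is why the client-side restrictions add nothing to it.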
All of this aside, Credit Karma is a great service. They provide a way for you to get your credit score for free. Yes, actually free unlike FreeCreditReport.com. I do recommend them, even with their broken registration process.
So here it is: Give Me Paste Back now in version 0.2, tested specifically on Credit Karma. Download the script and then go to Credit Karma and sign up for an account.
Hello, found your script, but it does not work on https://www.mein-e-service.de/qpo/portal/ewi/login
I have written to them to remove nopaste, but it would be a happiness to get your script working on their site. Thanks!