How do I prevent "Read more: www.site.com" from being injected with non-Tynt JavaScript into copy-paste actions?

There are many sites that insert something like "Read more: www.site.com" into your clipboard when you copy text in your browser. I find this abominable. A google search reveals some methods to stop this if the website happens to be using the service Tynt (by just blocking the Tynt domain), but many websites use home-grown JavaScript.

Is there a general way to block this behavior besides just turning off JavaScript? I use Chrome but I am interested in all solutions.

EDIT: To be clear, I want to be able to keep the rest of the JavaScript functionality for these websites, since many will break without it.

EDIT #2: Here are two example websites which continue to harass me despite my use of a Tynt blocker: Marginal Revolution | The Fiscal Times

Here are two StackOverflow questions and two blog posts which explain ways to implement this shady practice manually without Tynt. Here is a blog post describing how hard this turns out to be to block reliably. Here is the most recent discussion I could find (March 2013) which offers suggestions on how to block this in Chrome using AdBlock, but it didn't work for me.


The site adding the annoying "Read more" stuff is ShareThis.

To prevent this bad behavior, you have three different alternatives:

Disable the clipboard events

These websites are using the Clipboard APIs, which allows web developers to intercept the copy/cut/paste actions and execute some code when they are performed. This is how ShareThis (and other websites like that) works. It simply waits for the copy event and right before the effective copy is performed it adds an additional "layer" of text which contains the annoying "- See ...".

Now the question is: is there any kind of method to disable the clipboard events? Unfortunately, I have not been able to find a method to do this in Chrome/Chromium, but in Firefox it's possible in two different ways.

  • Go in about:config and search for dom.event.clipboardevents.enabled. Double click on the key (set it to false) and voila! You have disabled the clipboard events and no one will touch your clipboard again.
  • For older versions of Firefox (really, really older), there is this extension which does the exact same thing of the about:config option.

Disabling clipboard events should not damage the experience of any website since they are rarely used and there isn't really a purpose to use them (other than spamming).

Let's head over to the second solution.

Block ShareThis

If you don't need ShareThis, you can simply block the w.sharethis.com domain. The Javascript responsible for loading ShareThis (and registering the ClipboardEvent) is loaded from that website.

You may block it in different ways, ranging from a simple AdBlock filter to editing your hosts file (this is not covered nor linked here since I can't put more links due to my reputation).

An example of doing that via the hosts file:

127.0.0.1 w.sharethis.com

The third solution is the hardest one and it should be used only as a last resort.

Disable the selection feature on the problematic websites

To edit the content which is copied to the clipboard, these websites use the Selection API which allows them to edit selections on-the-fly. So, a solution is to completely disable any kind of Selection (on the code-side, obviously. You will still be able to perform selections).

This can be done with a simple Tampermonkey/Greasemonkey script. I tested it only on Firefox since I can't install Chrome right now. I'm sorry for that.

This is the source code:

// ==UserScript==
// @name        Goodbye selections
// @namespace   tag: utils
// @include     $put_here_a_website_you'd_like_to_disable_selections$
// @include     $more_websites$
// @version     1
// @grant       none
// ==/UserScript==
(function() {
    var disableSelections = function() {
        document.getSelection = window.getSelection = function() {
            return { isCollapsed: true };
        };
    };
    var script = document.createElement ("script");
    script.appendChild (document.createTextNode ("(" + disableSelections + ")();"));
    (document.body || document.head || document.documentElement).appendChild (script);
})();

To let this work, you should create a new Greasemonkey/Tampermonkey script and adjust the @include directives. You can put one website per line, and it has to be done like @include http://bad.website.address/.

I tested it with both the websites you have linked and it works with no problems. However, keep in mind that this may cause problems since Selections are used by perfectly legit websites (for example, StackExchange textboxes use them to insert a symbol, when you click on the button, to the position of your caret), so you should enable that userscript only on problematic websites.

(note that you may need to remove the lines starting with // if you are creating the userscript from the Greasemonkey/Tampermonkey menus, they will automatically add it)

The explanation of the userscript is pretty simple. First, it defines a function named disableSelections which replaces the default document.getSelection and window.getSelection functions with one that simply returns an object containing { isCollapsed: true }. Why? Because ShareThis (I checked in their JS code) calls that function and checks if the isCollapsed property is set to true (if it is, it stops the "clipboard poisoning"). Other websites like that maybe won't perform that check, but they will end up simply with an error when they try to call a legit function of the Selection object.

Then the function is injected in the body/header/document and it will be automatically executed. A question you may ask is: if Javascript allows to override (almost) every function, why didn't you override the addEventListener function to simply do nothing when the event is copy/cut/paste? The answer is pretty simple. An userscript is executed at a non-easily-predictable time, this means that the ShareThis Javascript can be loaded before the userscript, and it won't do anything. Instead, by just overriding the window.getSelection function there won't be any problem since that function is called only when a copy is performed, and we are 100% sure that when you copy a text, the userscript has already been loaded.

Conclusion

The best and cleanest solution is obviously the first one, since it disables a practically useless API.

The second one is valid too, but you will lose any of the ShareThis functionality.

The third one is the most "hacky" one, but as a last resort it could work.


These odious actions can be blocked on Chrome with the "Kill Evil" extension:

https://chrome.google.com/webstore/detail/kill-evil/epieehnpcepgfiildhdklacomihpoldk

(EDIT) This extension appears to cause weird issues on facebook, be sure to whitelist it.


On Chromium I had success with Absolute Enable Right Click & Copy extension.

Having installed it, you can add you user list of sites where the extension is enabled in the preferences. Or, when you are on a particular page and see that it tampers with your clipboard, you can enable this extension on the fly via its toolbar button (this automatically adds the site to your list).


Although it is a Firefox addon, NoScript allows you to block JavaScript from any website by setting up an untrusted list.


If you are looking for a way to automatically modify the HTML before it is displayed, then Greasemonkey is the tool, and you would need to create a user-script that that does the modification.

From the article Beginner Guide for Greasemonkey Scripts in Google Chrome :

Chrome now natively supports user scripts. You don’t have to install an extra extension to use them; in fact, Chrome treats each user script as an individual addon so you can easily manage and remove them.

There is a lot of information about Greasemonkey to be found on the Internet, including many tutorials. Most of them would be for Firefox, where Greasemonkey originated, but they also apply today to Chrome.

As the site responsible for the "Read more" is sharethis.com. If you block it, this should stop. If you have an installed security suite, use it to block the site. Otherwise you can block it using your hosts file.

sharethis.com is the provider that supplies Tynt to the two websites you gave me. Tynt looks to be rather a technology than a website, so there may of course be other such providers, But one has to hope that they would be rather rare.