clipboardRead

In Manifest V3, you have two main ways to read from the clipboard:

1. From a user-initiated event in a DOM context: In a popup, options page, or content script, you can call navigator.clipboard.readText() or navigator.clipboard.read() in response to a user action, like a button click. With a fresh user activation this works even without clipboardRead, though declaring the permission is still recommended for reliability.

2. From a Service Worker (via Offscreen Document): Service workers don't have navigator.clipboard, so you must use the offscreen permission to create a hidden document with reasons: ['CLIPBOARD'] and read the clipboard there. Reading from an offscreen document without a user gesture does require clipboardRead.

Use this for extensions that need to read data the user had copied.

Examples:

• A "paste and go" extension.
• A clipboard manager that stores a history of copied items.
• A URL shortener that automatically shortens a link on the clipboard.

{
  "name": "My Clipboard Extension",
  "version": "1.0",
  "manifest_version": 3,
  "permissions": [
    "clipboardRead",
    "offscreen"
  ]
}

Note: In Manifest V3, declare clipboardRead together with offscreen whenever the read happens from a service-worker-driven context. The offscreen permission is required to create the document that hosts navigator.clipboard; the clipboardRead permission is what allows that read to proceed without a user gesture.

Why is it risky?

Your clipboard is where anything you copy (with Ctrl+C or Cmd+C) is temporarily stored. This often includes highly sensitive information like passwords, credit card numbers, private messages, and financial details.

This permission allows an extension to read the contents of your clipboard. A malicious extension could secretly monitor everything you copy, stealing your private data. Modern versions of Chrome have made this permission harder to abuse, but any extension that asks to read your clipboard should be treated with extreme caution.

This example uses the offscreen API to read clipboard text from a service worker.

// background.js

// This function needs to be called from a user action, e.g., clicking a context menu
async function readFromClipboard() {
  await createOffscreenDocument();
  // The offscreen document will read the clipboard and send the result back
  const clipboardText = await chrome.runtime.sendMessage({
    type: 'read-clipboard',
    target: 'offscreen-doc'
  });
  console.log("Text from clipboard:", clipboardText);
}

// offscreen.js in your offscreen document
chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
  if (message.target === 'offscreen-doc' && message.type === 'read-clipboard') {
    navigator.clipboard.readText().then(text => {
      sendResponse(text);
    }).catch(err => {
      console.error('Failed to read clipboard:', err);
      sendResponse(null);
    });
    return true; // Indicates you will send a response asynchronously
  }
});

This also requires the offscreen permission in manifest.json.