Clipboard: Add option to block proxying of passwords #1894

Draft
wants to merge 3 commits into
base: main

ferdnyc
Member

@ferdnyc ferdnyc commented Nov 28, 2024

Since some password managers set a clipboard mimetype to signal when the clipboard contains password data, ignore the clipboard contents in those cases, to avoid exposing passwords over the link to the mobile device.

Fixes: #1893

TODO

  • Make it optional
  • Turn it off by default

Since some password managers set a clipboard mimetype to signal
when the clipboard contains password data, ignore the clipboard
contents in those cases, to avoid exposing passwords over the
link to the mobile device.

Fixes: GSConnect#1893
@ferdnyc ferdnyc added the security Encryption, Privacy or other data exposure label Nov 28, 2024
@daniellandau
Member

As I wrote in the linked issue, I feel copying passwords is a valid use case and IMO it shouldn't be blocked by default.

@ferdnyc ferdnyc marked this pull request as draft December 1, 2024 18:56
@ferdnyc ferdnyc changed the title from "Clipboard: Block proxying of passwords" to "Clipboard: Add option to block proxying of passwords" Dec 1, 2024
@ferdnyc
Member Author

ferdnyc commented Jan 12, 2025

Heh. I happened to install KDE Connect on my laptop's Plasma session today (looking at some craziness in Messages, where the Android app seems to be sending nonsense to GSConnect — I want to see how they handle it), and sure enough, in the clipboard-sharing preferences:

[Screenshot: Screenshot_20250112_054935]

@ferdnyc
Member Author

ferdnyc commented Jan 23, 2025

So, this becomes tricky because of the separation between our backend clipboard watcher (the component responsible for watching and updating the local desktop clipboard), and our clipboard plugin that runs for each connected device, interfacing between the backend and its paired device's network connection.

The way GSConnect's preferences work, with only one or two exceptions, settings apply to plugins, and for the most part are per-device. Which means the decision about whether to send any given clipboard string to a paired device is made by the plugin based on its current settings. But in our current architecture, the only thing the plugin ever sees from the backend is a piece of string data — it has no way of knowing if that string represents a password. The mimetype data we're looking at to detect passwords on the clipboard is only accessible from the backend.

So, I think I'm going to have to go a route similar to what KDE did in their own Linux implementation: Have the backend assign a "content type" to each clipboard string it captures, indicating whether it's a password, a (presumed) non-password string, or... well, at least for now, those are the only two choices. content-type would be an additional backend property, to go with the existing text property that holds the clipboard string.

Whenever the plugin gets notified that the backend's text property has been updated, it can first look at the backend content-type property. If it sees "password", the plugin decides (based on its security setting) whether or not it should grab text and send it to the paired device.
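
The design described in the comment above, modelled as an added example (not code from this PR or from GSConnect): the backend classifies each clipboard update from its mimetypes, and each per-device plugin applies its own setting when notified. Class, method and setting names are hypothetical, and `x-kde-passwordManagerHint` is assumed as the password signal.

```javascript
// Added sketch, not GSConnect code: class, method and setting names are
// hypothetical. The hint mimetype is the one KeePassXC sets and KDE's
// Klipper honours (assumed here as the signal the backend inspects).
const PASSWORD_HINT = 'x-kde-passwordManagerHint';

// Backend: the only layer that can see clipboard mimetypes.
class ClipboardBackend {
    constructor() {
        this.text = '';
        this.contentType = 'text';
        this._listeners = [];
    }

    // mimeData maps mimetype -> payload string (constructed input shape).
    update(mimeData) {
        // Classify BEFORE publishing the text, so a plugin reacting to the
        // change never pairs a new secret with a stale content type.
        this.contentType =
            mimeData[PASSWORD_HINT] === 'secret' ? 'password' : 'text';
        this.text = mimeData['text/plain'] ?? '';
        this._listeners.forEach(notify => notify());
    }
}

// Plugin: one per paired device, applying that device's own setting.
class ClipboardPlugin {
    constructor(backend, blockPasswords) {
        this.sent = [];  // stands in for packets sent to the device
        backend._listeners.push(() => {
            if (backend.contentType === 'password' && blockPasswords)
                return;
            this.sent.push(backend.text);
        });
    }
}

// Constructed clipboard events: a plain copy, then a password-manager copy.
function demo() {
    const backend = new ClipboardBackend();
    const phone = new ClipboardPlugin(backend, true);    // blocks passwords
    const tablet = new ClipboardPlugin(backend, false);  // default: allow
    backend.update({'text/plain': 'meeting at 10'});
    backend.update({'text/plain': 'hunter2', [PASSWORD_HINT]: 'secret'});
    backend.update({'text/plain': 'after the password'});
    return {phone: phone.sent, tablet: tablet.sent};
}
```

The third update checks that the content type is reset on every change, so a password copy does not cause later ordinary text to be withheld.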

Successfully merging this pull request may close these issues.

Prevent Sending Passwords from the Clipboard