Why do websites do this? Isn't it trivial for bots etc to easily side-step any protection this might give? Or is it just to make people "double-check" their inputs? I find it completely maddening because I would assume I'm way more likely to correctly input a copy-pasted e.g. routing or account number than if I have to manually enter anything. Can we just agree this is terrible UI and is probably detrimental to correct data entry? What am I missing? In frustration I even sometimes open the dev tools and remove this attribute on elements out of spite.
It is a god awful pattern! It should be gotten rid of across the web.<p>However, I have noticed that, on some fields, the field rejects certain input without any message if the input is not the correct intended field type. For example, copying a numeric one time password from an email which gets copied as string and pasting on a field which only accepts numbers. This might look like paste blocking but its not.
> Can we just agree this is terrible UI<p>It is, but they had some "checklist" that included "block paste" for reasons unknown, and so they blocked pasting.<p>In firefox, if you change the about:config setting "dom.event.clipboardevents.enabled" to false you'll be able to paste no matter whether the website operator has "block paste" on their braindead checklist or not.
you can do some interesting things if you record time between character inputs and analyze across many users, almost like fingerprinting the way someone would type a unique set of characters, we'd all do it differently probably and maybe that can be fingerprinted.