
[whatwg] Drag and Drop Security Model and current implementations

From: Oliver Hunt <oliver@apple.com>
Date: Mon, 24 Aug 2009 22:29:37 -0700
Message-ID: <77201943-CB80-4802-93F7-8CE896E448DF@apple.com>

> I've made the "types" list visible during all the events, but I'm
> skeptical about making everything available. We'll probably revisit this
> in a few years when we have a test suite for this. (I probably need to
> rewrite the way this section is written before making any more significant
> changes.)

I agree as I'm unsure what else *could* be safely exposed before the
drop event -- realistically anything beyond the types seems risky:
ignoring the obvious risks of exposing actual content, exposing any
form of URI may lead to unintended information leaking (you have to
assume that people are dragging random private files, URLs, etc. across
windows and do not intend to drop them).

--Oliver
Received on Monday, 24 August 2009 22:29:37 UTC
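
The model discussed in this message, as an added example that is not part of the original post or of any browser's code: a drop target that decides from the type list alone during dragover and reads the payload only in the drop handler. MockDataTransfer, ACCEPTED, simulateDrag and the sample URL are constructed for illustration; the mock assumes getData() returns an empty string before the drop.

```javascript
// Constructed stand-in for the browser's DataTransfer: before the drop event
// only the type list is readable, and getData() yields an empty string.
class MockDataTransfer {
  constructor(items) {
    this.items = items;        // { mimeType: data } set by the drag source
    this.mode = "protected";   // switched to "read-only" for the drop event
    this.dropEffect = "none";
  }
  get types() { return Object.keys(this.items); }
  getData(type) {
    if (this.mode === "protected") return "";
    return this.items[type] ?? "";
  }
}

const ACCEPTED = ["text/uri-list", "text/plain"];
const firstAccepted = (dt) => ACCEPTED.find((t) => Array.from(dt.types).includes(t));

// dragenter/dragover: decide from types alone; never depend on getData() here.
function onDragOver(event) {
  if (!firstAccepted(event.dataTransfer)) return false; // not a drop target
  event.preventDefault();                                // signal "will accept"
  event.dataTransfer.dropEffect = "copy";
  return true;
}

// drop: the user has committed to this target, so the payload may be read.
function onDrop(event) {
  event.preventDefault();
  const type = firstAccepted(event.dataTransfer);
  return type ? { type, value: event.dataTransfer.getData(type) } : null;
}

// Constructed scenario: data is dragged over the page, then either carried on
// to another window (dropped = false) or dropped on this page.
function simulateDrag(items, dropped) {
  const dt = new MockDataTransfer(items);
  const event = { dataTransfer: dt, preventDefault() {} };
  const accepted = onDragOver(event);
  const seenBeforeDrop = { types: dt.types, data: dt.types.map((t) => dt.getData(t)) };
  let result = null;
  if (dropped && accepted) { dt.mode = "read-only"; result = onDrop(event); }
  return { accepted, seenBeforeDrop, result };
}
```
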
