[whatwg] Drag and Drop Security Model and current implementations

> I've made the "types" list visible during all the events, but I'm
> skeptical about making everything available. We'll probably revisit
> this in a few years when we have a test suite for this. (I probably
> need to rewrite the way this section is written before making any
> more significant changes.)

I agree as I'm unsure what else *could* be safely exposed before the
drop event -- realistically anything beyond the types seems risky:
ignoring the obvious risks of exposing actual content, exposing any
form of URI may lead to unintended information leaking (you have to
assume that people are dragging random private files, URLs, etc. across
windows and do not intend to drop them).

--Oliver

Received on Monday, 24 August 2009 22:29:37 UTC
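
A drop target written against the model discussed in this message, as an added example that is not part of the original post: it decides whether to accept a drag from the `types` list alone and reads the payload only in `drop`. The element id `dropzone`, the scheme allowlist and the `fakeDataTransfer` stand-in are assumptions made for illustration.

```javascript
const ACCEPTED_TYPE = "text/uri-list";
const ALLOWED_SCHEMES = new Set(["http:", "https:"]); // assumed policy

// dragenter/dragover: consult only the list of types, never the data.
function onDragOver(event) {
  const types = Array.from(event.dataTransfer.types); // list or array
  if (!types.includes(ACCEPTED_TYPE)) return false;   // not a drop target
  event.preventDefault();                             // accept the drag
  event.dataTransfer.dropEffect = "link";
  return true;
}

// drop: the user has committed, so the payload is read and validated here.
function onDrop(event) {
  event.preventDefault();
  return parseUriList(event.dataTransfer.getData(ACCEPTED_TYPE));
}

// text/uri-list: one URI per line, lines starting with '#' are comments.
function parseUriList(raw) {
  const accepted = [];
  for (const line of raw.split(/\r?\n/)) {
    const text = line.trim();
    if (text === "" || text.startsWith("#")) continue;
    try {
      const url = new URL(text);
      // file: and other local schemes are discarded, not stored or logged.
      if (ALLOWED_SCHEMES.has(url.protocol)) accepted.push(url.href);
    } catch {
      // not an absolute URL: ignore the line
    }
  }
  return accepted;
}

// Constructed stand-in for DataTransfer (hypothetical helper): types are
// always listed, getData() returns "" unless `readable` is true.
function fakeDataTransfer(items, readable) {
  return {
    types: Object.keys(items),
    dropEffect: "none",
    getData: (type) => (readable && type in items ? items[type] : ""),
  };
}

if (typeof document !== "undefined") {
  const zone = document.getElementById("dropzone"); // assumed element id
  zone.addEventListener("dragover", onDragOver);
  zone.addEventListener("drop", (e) => console.log(onDrop(e)));
}
```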