W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2009

[whatwg] DnD Jacking

From: Biju Gm@il <bijumaillist@gmail.com>
Date: Mon, 26 Jan 2009 00:00:51 -0400
Message-ID: <4a27dd80901252000g4bcf13d9w753e52ef0373e50d@mail.gmail.com>
At http://bijumaillist.googlepages.com/2in1.html
i have iframed http://bijumaillist.googlepages.com/dnd.html
and http://www.whatwg.org/demos/2008-sept/dnd/dnd.html

Now I can drag items between iframes.
This is good when we do mashups.

But I wonder whether this will create a similar vulnerability like
Click Jacking.
- ie, A cross site DnD Jacking

So how can I...
1. say to where all (domain) things can be dragged?
2. find from which domain things are dropped.
3. find the handle of source window at destination and vice versa.
4. while we in ondragenter/ondragover phase find what will be dropped later.

Thanks
Biju
Received on Sunday, 25 January 2009 20:00:51 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:09 UTC