[whatwg] Input URL State and Files object

  On 8/25/2010 2:02 PM, Ian Hickson wrote:
> On Mon, 2 Aug 2010, Charles Pritchard wrote:
>>> [ UAs can use<input type=file>  to let the user enter remote URLs ]
>> When a user through selection, click+drag or manual entry of a URL
>> should the browser still submit an Origin request header? It seems that
>> CORS doesn't come into effect here -- but at the same time, it'd be
>> handy for logging purposes and added security.
> I don't think there'd be an origin, but that's rather up to the user
> agent. (In this case it's acting on behalf of the user, not the page, so I
> don't think it makes sense to give the page's origin.)
Sounds like an implementer would not include a Referer header, either.

...

Continuing on with tweaking URLs to work with with the File API:

Chrome has gone ahead with their setData proposal, enhancing the 
event.dataTransfer
object so that users may drag a file from within the browser onto their 
desktop.

The extension uses setData with a key of DownloadURL and a value 
including a mime type,
file descriptor and URI.

I'd like this interface to work within ondrop; if getData(DownloadURL) 
is set,
then a FileList would be returned in event.dataTransfer.files, much like 
it is when
users drag files from their desktop into the browser.

This would of course require Origin checks; whereas dragging onto the 
desktop
does not require an Origin check.

...

Here's the current example of setData(DownloadURL) and my comments.

https://code.google.com/p/html5rocks/issues/detail?id=136
var dragElem = document.getElementById("ID_Element_to_be_dragged");
dragElem.addEventListener(
   "dragstart",
   function(event) {
     event.dataTransfer.setData(
       "DownloadURL",
       
"application/pdf:sample.pdf:http://example.com/example-download-data");
   },
   false
);

Received on Thursday, 26 August 2010 17:24:34 UTC