[whatwg] Drag-and-drop folders/files support with directory structure using DirectoryEntry

On Tue, Nov 15, 2011 at 9:37 PM, Zac Spitzer <zac.spitzer at gmail.com> wrote:

> any thoughts about minimising the security implications on this?
> it makes it extremely easy to jump on a machine, open a browser page,
> select a sensitive folder and upload it all to a remote server

It's meaningless to try to secure against a hostile local user at this
level.  The attempt will be a cost to everyone, and it's a battle you're
going to lose.

Glenn Maynard

Received on Tuesday, 15 November 2011 18:42:50 UTC