<font face="arial,helvetica,sans-serif">To clarify, I wasn't proposing that pages need to know details of a particular OS. Things like "text/plain", "text/uri-list", "text/html", etc. are automatically mapped by the UA to whatever the appropriate platform idiom is.</font><div>
<font face="arial,helvetica,sans-serif"><br></font></div><div><font face="arial,helvetica,sans-serif">I just thought it would be useful to also expose things that the UA itself doesn't natively understand--it just gets passed through to the web content. However, this led to the above problem with filenames being exposed. This can, to some extent, be mitigated by blacklisting certain types; I'm just wondering if people feel that the additional utility is worth the risk of potentially exposing file paths because of a chatty file manager, or if anyone has any ideas on how to mitigate this risk.</font><div>
<div><font face="arial,helvetica,sans-serif"></font><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font><div><div><font face="arial,helvetica,sans-serif">Daniel<br></font><br><div class="gmail_quote">
On Tue, Oct 19, 2010 at 02:29, Anne van Kesteren <span dir="ltr"><<a href="mailto:annevk@opera.com" target="_blank">annevk@opera.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On Tue, 19 Oct 2010 00:15:27 +0200, Daniel Cheng <<a href="mailto:dcheng@chromium.org" target="_blank">dcheng@chromium.org</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Sorry, I'm using "properties" as a generic term for different types of data that might be set in a drag. A lot of file managers try to be helpful and<br>
populate alternative metadata for a file. Some of this metadata contains<br>
file system paths. If the web dragging clipboard mirrors the native dragging clipboard, then the metadata will be visible to web apps. In this example, if you were on Linux with my patch, you could call<br>
event.dataTransfer.getData("x-special/gnome-icon-list") while handling a<br>
drop and the returned string would contain the file system path.<br>
</blockquote>
<br></div>
It seems wrong to expose it in a way native to a particular operating system so it seems better to filter it out for now even if that is more work. We should keep web platform APIs OS-independent.<br><font color="#888888">
<br>
<br>
-- <br>
Anne van Kesteren<br>
<a href="http://annevankesteren.nl/" target="_blank">http://annevankesteren.nl/</a><br>
</font></blockquote></div><br>
</div></div></div></div></div>