[whatwg] Drag'n'drop uploads propsal

[ddailey]

On Wednesday, April 25, 2007 7:28 PM David Hyatt wrote

> I like the idea of having a way of associating a file upload control  with 
> a contenteditable region and I also like the idea of having some  way for 
> the dropped resources associated with the control to display  in the page. 
> The use case of being able to drop images into a  contenteditable region 
> and have them show up as <img> elements at the  appropriate place and then 
> get automatically uploaded somewhere is a  really compelling one.

I'm trying to reconcile several things in my mind here:
1. http://www.whatwg.org/specs/web-forms/current-work/#upload
>From it I gather one will be able to upload multiple files.

2. http://wiki.whatwg.org/wiki/Drag'n'Drop_Uploads
Wouldn't spec editors love it if all proposals were presented so clearly?

3. Using script to do this.  See #1 at 
http://lists.w3.org/Archives/Public/public-html/2007May/0057.html for some 
background on where I'm coming from (grab a cup of tea -- it is 
longwinded -- sorry -- that message was written for a different purpose). 
Herewith is an executive summary:

The way I used to (circa 2000) allow importation of multiple image files 
into a user's workspace was to use file upload to allow the user to pick one 
file from her directory. Then I would use script to interrogate contiguous 
file names. User consents to upload x1.jpg -- script interrogates filespace 
to see if x2.jpg is -- if it is, then ask for x3.jpg -- etc. etc. It allowed 
for bulk importation of consecutively numbered images for purposes of making 
what I guess we are now calling <video> (levity not gravity) . The user then 
used the browser to re-sequence, edit, etc. a collection of images. It was 
sorta like a mini Adobe Premier, but running in the browser. Saving the 
user's movie was a bit difficult since I could not find any cross-browser 
way of saving files to user's drive space (IE's activeX stuff wasn't  there 
yet I think, and I couldn't figure out how to get signed scripts from 
Netscape working in IE). Anyhow, somewhere around 2004 or 2005 I guess, my 
little mini-app stopped working in IE.

I rather assume that was because the browser companies discovered that the 
technique I was using of allowing <input type=file> to browse drive space 
was, in fact, a security risk. On the other hand, the use case of doing what 
I wanted to do makes sense (to me anyhow).

So two questions:
A. Am I correct in assuming that the "The min and max attributes apply to 
file upload controls " will handle the use case I'm outlining here (except 
for the file saving part)? I suppose that once the user identifies a 
collection of files then we would use script to swap src attributes of image 
tags which we could then drag around or swap or delete or whatever, and that 
the drag'n'drop proposal would eliminate lots and lots of script.
B. The statements on security in the WHATWG spec including: "For security 
reasons, only content that the user knows is not hostile should ever be 
allowed to submit or fetch files specified by file URIs. " ... would this 
allow or not my poor old broken mini-app to re-emerge from the dead? (As I 
mention in [3] above, I'm not really suggesting that it should. I am 
perfectly content to rewrite the gnarly old code, if I really cared strongly 
about the thing. It would be nice to know if a rewrite would be possible 
without the WHATWG forms proposal, or if the drag'n'drop proposal did come 
into existence, then whether or not such a rewrite would even be necessary.)

David Dailey