[whatwg] Proposal to drag virtual file out of browser

Mike Wilson mikewse at hotmail.com
Tue Aug 18 01:31:04 PDT 2009

Sounds interesting!
You only mention a singular file, what do you think about multiple files?
Also, would it be possible to hook browser-produced data into this model, so
client-generated data (f ex text, html, pdf) could be dragged out as a
virtual file to the desktop?
Best regards
Mike Wilson


From: whatwg-bounces at lists.whatwg.org
[mailto:whatwg-bounces at lists.whatwg.org] On Behalf Of Jian Li
Sent: den 18 augusti 2009 03:03
To: whatwg at lists.whatwg.org
Subject: [whatwg] Proposal to drag virtual file out of browser


The HTML 5 spec defines the event-based drag-and-drop mechanism that could
cross the browser boundary. If a draggable element contains a URL, dragging
it out of the browser will only copy the URL value. However, in some
scenarios, we really want to download the data file from the specified URL,
instead of copying the value. Here we propose a way to allow dragging a
virtual file denoted by an URL out of the browser boundary.


In order to download the attachment from an Internet mail application, the
user will have to click the attachment link and a "save" dialog will pop up
to let the user select the destination folder. This will normally involves
multiple clicks. Native application, like Outlook, can let the user drag
attachments directly into the destination place, i.e. desktop, which is
really convenient. 


Currently there is no direct support in HTML 5 to support such dragging of
the virtual file. To work around this, a plugin with such capability has to
be installed and used.


We propose adding a specific format string to the DataTransfer object:
"DownloadURL". The data associated with the "DownloadURL" format should be
parsed similar to the "URL" format. When the drag ends in another
application, the remote file described in the associated data URL should be
downloaded and provided to the target application.

For example, here's how one can create a draggable image that results in a
file when dragged:

var dragTarget = document.createElement("img");
dragTarget.src = "http://example.com/example-attachment.gif";
document.body.insertBefore(dragTarget, document.body.firstChild);
dragTarget.addEventListener("dragstart", function(event) {
}, false);

Traditionally allowing the non-image file to be dragged out of the browser
is considered bad. The main danger here is that the user might unknowingly
drag a file that will auto-execute. To address this issue, the browser needs
to mark the dragged file to indicate that it is coming from the Internet.
With this zone marker, the user will be prompted with a security warning
dialog when the dropped file is launched. If a specific platform does not
support zone identifier marker, this feature should be turned off by

We should consider allowing only http and https typed URL in the associated
data for the "DownloadURL" format. Should we further restrict the download
URL to the same origin?

If the filename is provided in the Content-Disposition header, it should
always be used. Otherwise, it is up to the browser to decide how the
filename is generated from the URL. But once it is chosen, it cannot be

The drag-and-drop feedback might be decorated with the filename and the
domain from which the file is downloaded. However, the real filename might
be only available when we initiate the download and get back the response
header. To address this, we can download the response header after the drag
is initiated and then update the feedback image based on the filename
retrieved from the Content-Disposition header. This might not be possible
for certain platform because changing the drag meta-data might not be

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090818/b0a03025/attachment-0002.htm>

More information about the whatwg mailing list