[whatwg] DnD Jacking
bijumaillist at gmail.com
Sun Jan 25 20:00:51 PST 2009
i have iframed http://bijumaillist.googlepages.com/dnd.html
Now I can drag items between iframes.
This is good when we do mashups.
But I wonder whether this will create a similar vulnerability like
- ie, A cross site DnD Jacking
So how can I...
1. say to where all (domain) things can be dragged?
2. find from which domain things are dropped.
3. find the handle of source window at destination and vice versa.
4. while we in ondragenter/ondragover phase find what will be dropped later.
More information about the whatwg