[whatwg] Exposing filenames in DataTransfer

Daniel Cheng dcheng at chromium.org
Fri Oct 29 16:24:30 PDT 2010

In that case, I'd like to propose a set of MIME types that the spec
explicitly mentions for interoperability with native apps:
- text/plain for compatibility with IE
- text/uri-list for compatibility with IE
- text/html for rich text formatting. One potential usage--a reference site
such as Wikipedia could implement a drag-out handler which automatically
encapsulates the dragged snippet in a "quote" box and links back to the
- application/rtf for rich text data. RTF is called out in particular since
it allows embedded images, which HTML does not. This would allow someone to
drag-and-drop cells and a graph from a spreadsheet into an email.
- image/png for image transfers. Native drag and drop usually involves
bitmaps, so the UA would automatically perform a lossless conversion from
the native platform-dependent bitmap format to a PNG if the page requested
this type. One example usage is uploading a picture of your desktop--simply
hit 'Print Screen', navigate to the image sharing site, and ^V.
- image/svg+xml for vector image transfers. It should be possible to convert
the various vector formats (WMF, PS, PDF) into SVG, but I'm not sure how
valuable doing this would be.

Those 6 types seem to cover a fairly wide variety of use cases without being
too domain-specific. What do people think?


On Tue, Oct 26, 2010 at 03:15, Anne van Kesteren <annevk at opera.com> wrote:

> On Thu, 21 Oct 2010 02:20:57 +0200, Daniel Cheng <dcheng at chromium.org>
> wrote:
>> To clarify, I wasn't proposing that pages need to know details of a
>> particular OS. Things like "text/plain", "text/uri-list", "text/html",
>> etc. are automatically mapped by the UA to whatever the appropriate platform
>> idiom is.
>>
>> I just thought it would be useful to also expose things that the UA itself
>> doesn't natively understand--it just gets passed through to the web content.
>
> I was saying that if you get this on one OS but not another you might get
> pages that depend on a particular OS if not coded carefully.
>
>> However, this led to the above problem with filenames being exposed. This
>> can, to some extent, be mitigated by blacklisting certain types; I'm just
>> wondering if people feel that the additional utility is worth the risk of
>> potentially exposing file paths because of a chatty file manager, or if
>> anyone has any ideas on how to mitigate this risk.
>
> It should probably work with a whitelist.
> --
> Anne van Kesteren
> http://annevankesteren.nl/
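
A sketch of the whitelist approach discussed in this thread, added as an example and not code from either poster or from any UA. The six types are the ones proposed above; the function names, the constructed sample drag, the hypothetical native type in it, and the rule that file: entries are dropped from text/uri-list are assumptions of this sketch.

```javascript
// Added example: allowlist applied to native drag data before page script sees it.
// The six types come from the proposal above; everything else is an assumption.
const EXPOSED_TYPES = new Set([
  "text/plain", "text/uri-list", "text/html",
  "application/rtf", "image/png", "image/svg+xml",
]);

// text/uri-list (RFC 2483): one URI per CRLF-terminated line, '#' lines are comments.
function parseUriList(body) {
  return body.split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line !== "" && !line.startsWith("#"));
}

// Returns a Map of type -> data containing only what the page may read.
function filterDragData(nativeItems) {
  const exposed = new Map();
  for (const [rawType, data] of nativeItems) {
    const type = rawType.trim().toLowerCase();
    // Formats the UA does not recognise are not passed through to content.
    if (!EXPOSED_TYPES.has(type)) continue;
    if (type === "text/uri-list") {
      // Assumption of this sketch: file: URIs carry local paths, so drop them.
      const uris = parseUriList(data).filter((u) => !/^file:/i.test(u));
      if (uris.length === 0) continue;
      exposed.set(type, uris.join("\r\n"));
    } else {
      exposed.set(type, data);
    }
  }
  return exposed;
}

// Constructed sample: what a chatty file manager might put on a drag.
// "application/x-example-filemanager-paths" is a hypothetical native type.
const sampleDrag = [
  ["text/uri-list",
   "# dragged items\r\nfile:///home/alice/private/report.txt\r\nhttp://example.org/a\r\n"],
  ["application/x-example-filemanager-paths", "/home/alice/private/report.txt"],
  ["Image/PNG", "<png bytes>"],
  ["text/html", "<b>report</b>"],
];

const exposedSample = filterDragData(sampleDrag);
console.log([...exposedSample.keys()]);
```

The sketch does not inspect text/plain or text/html payloads, so a source application that writes a path into those types would still expose it.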