[whatwg] Drag-and-drop folders/files support with directory structure using DirectoryEntry

Glenn Maynard glenn at zewt.org
Tue Nov 15 18:42:50 PST 2011


On Tue, Nov 15, 2011 at 9:37 PM, Zac Spitzer <zac.spitzer at gmail.com> wrote:

> any thoughts about minimising the security implications on this?
>
> it makes it extremely easy to jump on a machine, open a browser page,
> select a sensitive folder and upload it all to a remote server
>

It's meaningless to try to secure against a hostile local user at this
level.  The attempt will be a cost to everyone, and it's a battle you're
going to lose.

-- 
Glenn Maynard



More information about the whatwg mailing list