[whatwg] DND: proposal to expose origin
rniwa at webkit.org
Sun Feb 19 16:01:48 PST 2012
This proposal sounds reasonable.
On Fri, Feb 17, 2012 at 1:35 AM, Anne van Kesteren <annevk at opera.com> wrote:
> Names are chosen to be compatible with those used by HTML5 Web Messaging.
> Returns a DOMString consisting of the protocol, domain and optional port,
> the origin where the drag started:
> If the drag was not started on an origin (such as a dragged file from the
> desktop), or on a URL that is not a scheme/host/port tuple, the value
> be the string value "null". This conforms with HTML5 subsection "Unicode
> serialization of an origin" -
> Attempts to write to dataTransfer.origin will be ignored but not throw an
> error, in accordance with WebIDL.
> Defines an origin match for sites which may receive the dropped data. If
> method is not called, then all sites and applications may be considered
As Michal mentioned, can we make the default action not to make
cross-origin pages dropzones? Or at least let implementors choose?
Alternatively, you can make this property an array (e.g.
allowedTargetOrigins) and UA can fill in the default.
e.g. allowedTargetOrigins will be ["*"] on UAs that allows cross-origin by
default but will be ["http://banksite.com/"] on UAs that doesn't allow it
More information about the whatwg