Here is an example of [[http://people.mozilla.com/~jmaher/firefox/7437.html dnd]]
* If you drag a desktop image onto or over a page, what data can the page see? We don't want to leak the image data or the full file path. The filename is probably OK.
* It seems that if you drop a bookmark or desktop file onto a page, the page can now get information about it that it couldn't before, while the user simply thinks they're navigating somewhere.
* setData() adds things in named formats. A page can't getData(fmt) or clearData(fmt) if that format was added by a different domain.
* setDragImage() is limited to adding images up to half the size of the original. Transparency is added by us.
* A page can only set the image or add data during the dragStart event.
* Web pages can't add data with the type given to files. There are probably a lot of other types we need to disallow: any that the browser itself relies on. E.g. when dragging a link to the bookmark toolbar, we don't want the page to be able to add data that might add extra bookmark meta-data like tags or keywords.
* getData() does NOT check principals during the drop event. The target does need to get the data, but more than the default data?
* Supported formats: https://developer.mozilla.org/En/DragDrop/Recommended_Drag_Types
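The rules in the list above can be exercised with a small model. This is an added example, not Gecko code or anything from the original notes: the `DragStore` class, the `defaultOnly` option, the example origins and the contents of `RESERVED` are all assumptions made for illustration.

```javascript
// Toy model of the drag data rules in the notes above; not browser code.
// RESERVED is an illustrative list of browser-owned types (assumption).
const RESERVED = new Set(["application/x-moz-file"]);

class DragStore {
  constructor() {
    this.items = new Map(); // format -> { value, origin }
    this.phase = "dragstart";
  }
  setData(origin, fmt, value) {
    if (this.phase !== "dragstart") throw new Error("data can only be added during dragstart");
    if (RESERVED.has(fmt)) throw new Error("reserved type: " + fmt);
    const prev = this.items.get(fmt);
    if (prev && prev.origin !== origin) throw new Error("format owned by another origin");
    this.items.set(fmt, { value, origin });
  }
  // defaultOnly is a hypothetical stricter drop policy: a foreign drop
  // target may read only the one default format named here.
  getData(origin, fmt, { defaultOnly = null } = {}) {
    const item = this.items.get(fmt);
    if (!item) return "";
    if (this.phase === "drop") {
      // As the notes say: no principal check on drop, so any format is readable.
      if (defaultOnly && item.origin !== origin && fmt !== defaultOnly) return "";
      return item.value;
    }
    return item.origin === origin ? item.value : "";
  }
  clearData(origin, fmt) {
    const item = this.items.get(fmt);
    if (item && item.origin !== origin) return false; // foreign origin: refuse
    return this.items.delete(fmt);
  }
}

// Constructed scenario: origin A starts the drag, origin B is the target.
function demo() {
  const A = "https://a.example", B = "https://b.example";
  const s = new DragStore();
  s.setData(A, "text/plain", "hello");
  s.setData(A, "text/x-private", "internal-id-123");
  let reservedBlocked = false;
  try { s.setData(A, "application/x-moz-file", "/tmp/x"); } catch (e) { reservedBlocked = true; }
  s.phase = "dragover";
  const overRead = s.getData(B, "text/x-private"); // foreign origin, not yet dropped
  const cleared = s.clearData(B, "text/plain");    // foreign origin cannot clear
  s.phase = "drop";
  const dropRead = s.getData(B, "text/x-private"); // no principal check on drop
  const strict = s.getData(B, "text/x-private", { defaultOnly: "text/plain" });
  return { reservedBlocked, overRead, cleared, dropRead, strict };
}
```

The `dropRead` versus `strict` results show the open question in the getData() item: without a check on drop, the target sees every format the source added, not just the default one.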