Bug 8733

Summary: Add drag & drop support to <input type=file> controls
Product: WebKit
Component: Forms
Status: RESOLVED FIXED
Severity: Normal
Priority: P3
Version: 420+
Hardware: Mac
OS: OS X 10.4
Reporter: Eric Seidel (no email) <eric>
Assignee: Eric Seidel (no email) <eric>
CC: mitz
Attachments:
Add drag & drop support to <input type=file> (Flags: timo: review+)

Description Eric Seidel (no email) 2006-05-04 10:15:23 PDT
This finally just bugged me enough last night that I did it.

Comment 1 Eric Seidel (no email) 2006-05-04 10:24:57 PDT
Created attachment 8105
Add drag & drop support to <input type=file>

There are a few concerns I have with this patch:

1.  Is this really in the right place (on the actual WebCoreFileButton instead of the WebHTMLView?)
2.  Does it look right (it overlays 25% gray)
3.  Should we support things other than just normal files?

Comment 2 mitz 2006-05-04 10:29:02 PDT
*** Bug 5733 has been marked as a duplicate of this bug. ***

Comment 3 Eric Seidel (no email) 2006-05-04 10:29:34 PDT
Ah yes, my 4th concern:
4. Does this have security implications?

Comment 4 mitz 2006-05-04 10:29:55 PDT
Bug 5733 mentions Radar # 3083272.

Comment 5 Eric Seidel (no email) 2006-05-04 10:30:31 PDT
5. I currently don't accept file promises... maybe it should.

Comment 6 Tim Omernick 2006-05-04 11:13:27 PDT
Great patch!

- WebCoreFileButton seems like a fine place to do this, at least until the file upload control is pushed down into the engine.  We already accept file drags to the page content area to set the current URL.  You could still hack this at the document view level but I think this is simpler.

- 25% gray overlay seems fine.  If not, we can certainly tweak it.

- Handling file promise drags would be good, but I don't think you need to finish that before landing this patch.

- Not sure if there are any security implications.  I think that since the user is entirely in control of the file being picked, there's no risk that a page author could programmatically traverse symlinks and gain access to a file that the user didn't expect.  Maybe one of our security gurus can correct me on this.