Bug 8733

Summary: Add drag & drop support to <input type=file> controls
Product: WebKit Reporter: Eric Seidel (no email) <eric>
Component: FormsAssignee: Eric Seidel (no email) <eric>
Status: RESOLVED FIXED    
Severity: Normal CC: mitz
Priority: P3    
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
Add drag & drop support to <input type=file> timo: review+

Eric Seidel (no email)
Reported 2006-05-04 10:15:23 PDT
This finally just bugged me enough last night that I did it.
Attachments
Add drag & drop support to <input type=file> (6.07 KB, patch)
2006-05-04 10:24 PDT, Eric Seidel (no email) 		timo: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Eric Seidel (no email)
Comment 1 2006-05-04 10:24:57 PDT
Created attachment 8105 [details] Add drag & drop support to <input type=file> There are a few concerns I have with this patch: 1. Is this really in the right place (on the actual WebCoreFileButton instead of the WebHTMLView?) 2. Does it look right (it overlays 25% gray) 3. Should we support things other than just normal files?
mitz
Comment 2 2006-05-04 10:29:02 PDT
*** Bug 5733 has been marked as a duplicate of this bug. ***
Eric Seidel (no email)
Comment 3 2006-05-04 10:29:34 PDT
Ah yes, my 4th concern: 4. does this have security implications?
mitz
Comment 4 2006-05-04 10:29:55 PDT
Bug 5733 mentions Radar # 3083272.
Eric Seidel (no email)
Comment 5 2006-05-04 10:30:31 PDT
5. I currently don't accept file promises... maybe it should.
Tim Omernick
Comment 6 2006-05-04 11:13:27 PDT
Great patch! - WebCoreFileButton seems like a fine place to do this, at least until the file upload control is pushed down into the engine. We already accept file drags to the page content area to set the current URL. You could still hack this at the document view level but I think this is simpler. - 25% gray overlay seems fine. If not, we can certainly tweak it. - Handling file promise drags would be good, but I don't think you need to finish that before landing this patch. - Not sure if there are any security implications. I think that since the user is entirely in control of the file being picked, there's no risk that a page author could programmatically traverse symlinks and gain access to a file that the user didn't expect. Maybe one of our security gurus can correct me on this.
Note You need to log in before you can comment on or make changes to this bug.