Bug 8733 - Add drag & drop support to <input type=file> controls
Summary: Add drag & drop support to <input type=file> controls
Alias: None
Product: WebKit
Classification: Unclassified
Component: Forms (show other bugs)
Version: 420+
Hardware: Mac OS X 10.4
: P3 Normal
Assignee: Eric Seidel (no email)
: 5733 (view as bug list)
Depends on:
Reported: 2006-05-04 10:15 PDT by Eric Seidel (no email)
Modified: 2006-05-04 11:23 PDT (History)
1 user (show)

See Also:

Add drag & drop support to <input type=file> (6.07 KB, patch)
2006-05-04 10:24 PDT, Eric Seidel (no email)
timo: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Eric Seidel (no email) 2006-05-04 10:15:23 PDT
This finally just bugged me enough last night that I did it.
Comment 1 Eric Seidel (no email) 2006-05-04 10:24:57 PDT
Created attachment 8105 [details]
Add drag & drop support to <input type=file>

There are a few concerns I have with this patch:

1.  Is this really in the right place (on the actual WebCoreFileButton instead of the WebHTMLView?)
2.  Does it look right (it overlays 25% gray)
3.  Should we support things other than just normal files?
Comment 2 mitz 2006-05-04 10:29:02 PDT
*** Bug 5733 has been marked as a duplicate of this bug. ***
Comment 3 Eric Seidel (no email) 2006-05-04 10:29:34 PDT
Ah yes, my 4th concern:
4. does this have security implications?
Comment 4 mitz 2006-05-04 10:29:55 PDT
Bug 5733 mentions Radar # 3083272.
Comment 5 Eric Seidel (no email) 2006-05-04 10:30:31 PDT
5. I currently don't accept file promises... maybe it should.
Comment 6 Tim Omernick 2006-05-04 11:13:27 PDT
Great patch!

- WebCoreFileButton seems like a fine place to do this, at least until the file upload control is pushed down into the engine.  We already accept file drags to the page content area to set the current URL.  You could still hack this at the document view level but I think this is simpler.

- 25% gray overlay seems fine.  If not, we can certainly tweak it.

- Handling file promise drags would be good, but I don't think you need to finish that before landing this patch.

- Not sure if there are any security implications.  I think that since the user is entirely in control of the file being picked, there's no risk that a page author could programmatically traverse symlinks and gain access to a file that the user didn't expect.  Maybe one of our security gurus can correct me on this.