Bug 1188880 - Ship directory picking and directory drag and drop
Status: NEW
: dev-doc-needed, DevAdvocacy, feature, meta
Product: Core
Classification: Components
Component: DOM
: Trunk
: All All
-- normal with 14 votes
: ---
Assigned To: Jonathan Watt [:jwatt]
: Andrew Overholt [:overholt]
: 1257179
Depends on: 907707 1164310 1173320 1186932 1188818 1201106 1257180 1258482 1258489 1258490 1258694 1263992 1264236 1274959 1288677 1288681 1288683 1289254 1289255 1331637
Reported: 2015-07-29 07:16 PDT by Jonathan Watt [:jwatt]
Modified: 2017-02-21 05:58 PST
39 users
florin.mezei: qe‑verify+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description Jonathan Watt [:jwatt] 2015-07-29 07:16:14 PDT
Bug 1164310 implemented MS's proposal to support directory picking and directory drag and drop. The "Unofficial Draft" spec is very much a work in progress though and subject to change. Currently our implementation is behind the dom.input.dirpicker pref (enabled only in Nightly). This bug will track any issues that need to be resolved before the pref can be flipped to true for release.
Comment 1 Jonathan Watt [:jwatt] 2015-07-29 07:43:32 PDT
We should consider pushing for and implementing bug 1173320 too.
Comment 2 Loic 2015-09-15 14:53:15 PDT
Do you have a demo page (with a server side) to test Directory Upload?
Comment 3 vulcain 2015-09-16 01:21:15 PDT
(In reply to Loic from comment #2)
> Do you have a demo page (with a server side) to test Directory Upload?

give this links
Comment 4 Daniel Kahn Gillmor 2015-09-21 10:56:03 PDT
When a user selects a directory, are they aware of the potentially sensitive contents of the directory? For example, if the user selects ~/.config, should the browser really send out all application configuration data? What about ~/.ssh or ~/.gpg (i.e. the recent targets of the pdf.js vulnerability)?

Uploading arbitrary files is risky. Recursively uploading entire directories seems far riskier. There is no security analysis at . Has anyone done one?
Comment 5 Mats Palmgren (:mats) 2015-09-21 12:19:19 PDT
Daniel, that is being discussed in bug 907707.
Comment 6 Karl Dubost :karlcow 2016-02-21 23:14:52 PST
webcompat issue related to this.
Comment 7 Olli Pettay [:smaug] (pto-ish for couple of days) 2016-03-31 07:40:08 PDT
*** Bug 1257179 has been marked as a duplicate of this bug. ***
Comment 8 Florin Mezei, QA (:FlorinMezei) 2016-04-18 07:07:43 PDT
I think we'll want some manual testing before releasing this (after implementation is complete), so setting the qe-verify+ flag.

Test suggestions/scenarios are appreciated.
Comment 9 Andrea Marchesini [:baku] 2016-08-15 07:13:21 PDT
*** Bug 1293949 has been marked as a duplicate of this bug. ***
