Bug 1164310 implemented MS's proposal to support directory picking and directory drag and drop. The "Unofficial Draft" spec is very much a work in progress though and subject to change. Currently our implementation is behind the dom.input.dirpicker pref (enabled only in Nightly). This bug will track any issues that need to be resolved before the pref can be flipped to true for release.
We should consider pushing for and implementing bug 1173320 too.
Do you have a demo page (with a server side) to test Directory Upload?
(In reply to Loic from comment #2)
> Do you have a demo page (with a server side) to test Directory Upload?
https://jwatt.org/blog/2015/09/14/directory-picking-and-drag-and-drop give this links https://jwatt.org/tmp/directory.html
When a user selects a directory, are they aware of the potentially sensitive contents of the directory? For example, if the user selects ~/.config , should the browser really send out all application configuration data? What about ~/.ssh or ~/.gpg (i.e. the recent targets of the pdf.js vulnerability)?
uploading arbitrary files is risky. recursively uploading entire directories seems far riskier. There is no security analysis at https://wicg.github.io/directory-upload/proposal.html . Has anyone done one?
Daniel, that is being discussed in bug 907707.
webcompat issue related to this.
*** Bug 1257179 has been marked as a duplicate of this bug. ***
I think we'll want some manual testing before releasing this (after implementation is complete), so setting the qe-verify+ flag.
Test suggestions/scenarios are appreciated.
*** Bug 1293949 has been marked as a duplicate of this bug. ***