Open
Bug 906411
Opened 11 years ago
Updated 2 years ago
user event.dataTransfer.clearData in ondragend doesn't allow modifications
Categories
(Core :: DOM: Copy & Paste and Drag & Drop, defect)
Tracking
()
UNCONFIRMED
Webcompat Priority | P3 |
People
(Reporter: joenix, Unassigned)
Details
(Keywords: html5)
Attachments
(1 file)
1.02 KB,
text/plain
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11 Steps to reproduce: user event.dataTransfer.clearData in ondragend Actual results: Modifications are not allowed for this document Expected results: Removes the data of the specified formats. Removes all data if the argument is omitted.
Updated•11 years ago
|
Component: Untriaged → DOM
Product: Firefox → Core
Comment 1•11 years ago
|
||
This doesn't look like a security issue to me.
Component: DOM → Drag and Drop
Updated•11 years ago
|
Group: core-security
Comment 2•8 years ago
|
||
The actual expected result is that nothing should happen. clearData only has any effect during dragstart. We throw an exception because this was implemented before the spec said much about what to do in this case.
Updated•6 years ago
|
Summary: clearData → user event.dataTransfer.clearData in ondragend doesn't allow modifications
Comment 3•2 years ago
|
||
dragend event should not allow the modification of the dataStore.
according to
https://html.spec.whatwg.org/multipage/dnd.html#dndevents
The drag data store mode is
drop -> read-only mode
dragend -> protected mode
Protected mode.
https://html.spec.whatwg.org/multipage/dnd.html#concept-dnd-p
For all other events. The formats and kinds in the drag data store list of items representing dragged data can be enumerated, but the data itself is unavailable and no new data can be added.
btw it seems that Firefox is making the data accessible on drag end, while the spec suggests it should not be possible, if I read correctly.
Updated•2 years ago
|
Webcompat Priority: --- → ?
Comment 4•2 years ago
|
||
We don't have any evidence for this breaking sites in Firefox, setting P3 for now.
Webcompat Priority: ? → P3
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•