Skip to content
This repository was archived by the owner on Apr 6, 2021. It is now read-only.
This repository was archived by the owner on Apr 6, 2021. It is now read-only.

Security Controls for HTML5 Drag and Drop Events #1

Open
Open
Security Controls for HTML5 Drag and Drop Events#1
Labels
Priority-MediumSecurityType-Enhancementauto-migrated
@GoogleCodeExporter

Description

@GoogleCodeExporter
GoogleCodeExporter
opened on May 24, 2015
Implement a security control for ensuring that only intended documents have
access to the DataTransferObject during a drag operation by providing a
wrapped implementation. For information see the following link.

http://www.w3.org/TR/html5/editing.html#security-risks-in-the-drag-and-drop-mode
l

In comments, discuss possible mitigation of MiTM and XSS risks associated
with the new HTML Drag and Drop functionality.

Original issue reported on code.google.com by chrisisbeef on 29 Apr 2010 at 2:36

Activity

GoogleCodeExporter
added
Priority-Medium
Security
Type-Enhancement
auto-migrated
on May 24, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    Priority-MediumSecurityType-Enhancementauto-migrated

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @GoogleCodeExporter

        Issue actions
          Security Controls for HTML5 Drag and Drop Events · Issue #1 · ESAPI/owasp-esapi-js