[Webkit-unassigned] [Bug 38876] New: User paths exposed on file drop

Mon May 10 17:24:06 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=38876

           Summary: User paths exposed on file drop
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: dcheng at chromium.org
                CC: mjs at apple.com, sam at webkit.org, abarth at webkit.org,
                    noel.gordon at gmail.com, rolandsteiner at chromium.org,
                    eseidel at chromium.org

User paths exposed on file drop

Sam seemed concerned on #webkit that this was a user privacy violation.  I'm not sure that it is (what do paths really matter?), but we certainly seem to take care not to expose them in other places (like the File object or on input.value).

This is a clone of https://bugs.webkit.org/show_bug.cgi?id=25882, which was changed to be Chromium-specific. It was closed since the Chromium port has been partially patched to address this issue, but the fix was not perfect, since paths are still exposed when dropping on an editable area.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.