3

Here is a jsfiddle of the exact problem.

For me the 'dragenter' event dataTransfer.files is defined correctly in everything but Firefox. However, the 'drop' event always has the correct dataTransfer.files, even in Firefox.

Not sure if this is a possible bug in Firefox (21.0 and now 23.0.1), it's happening on both Mac OS and Windows.

and the full code:

function preventDefault(_e) {
    _e.preventDefault();
}

var dropZone = document.getElementById('drop-zone');
dropZone.addEventListener("dragstart", preventDefault, false);
dropZone.addEventListener("dragleave", preventDefault, false);
dropZone.addEventListener("drag", preventDefault, false);
dropZone.addEventListener("dragend", preventDefault, false);
dropZone.addEventListener("dragover", preventDefault, false);
dropZone.addEventListener("dragenter", function(_e) {
    _e.preventDefault();
    console.log(_e.dataTransfer.files);
}, false);
dropZone.addEventListener("drop", function(_e) {
    _e.preventDefault();
    console.log(_e.dataTransfer.files);
}, false);

Do other people have the same results?

It could be a sandbox restriction, but I haven't found anything about it...

Any and all ideas and answers are appreciated :).

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
Dan0
  • 459
  • 3
  • 16

1 Answers1

3

According to the spec (whatwg), the data is in "Protected mode", meaning not available. I'd guess this is to prevent sites from snooping/stealing stuff from drags not intended for them.

So, my interpretation is that Firefox is actually right not to allow access to .files in dragenter, and the bug is with the other browsers.

PS: Firefox source, explicitly returning nothing on dragenter.

nmaier
  • 32,336
  • 5
  • 63
  • 78
  • Brilliant, thank you for this answer, it really clears it up! I couldn't find anything on it as I didn't know what to look for exactly. w3.org and whatwg.org are great sources for this kind of thing. – Dan0 Aug 17 '13 at 18:40
  • this is unfortunately ridiculous because you can't validate the type of file being dragged, which is the whole point of validating a drag from the desktop. Now we're forced to just say that we accept ANY file type until we get to actually validate on drop :\ – Ryan Florence May 04 '14 at 16:41
  • Shouldn't **protected mode** only disallow file _reading_, instead of also disallowing the list of files, and their sizes? I don't want to **have** to use the browser-specific `mozItemCount`. In Chrome you can actually open the file with `FileReader` on a `dragenter`! Does this spec still cover the file count and file size as protected? – bryc Aug 20 '14 at 00:31