cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ean365
Strollin' around
Status: New idea

Read the lead-in for context, or go to bottom for important privacy and safety feature.

Today I was dragging a file (icon) from one side of my desktop to the other.  I happened to have Firefox in the middle of my screen with the Google home page open, and had to drag the file I was moving over top of Firefox to the other side of my desktop.  You probably know where this is heading....  Google has a nice feature:  the "drag an image here or upload a file" box popped up, which would happily automatically grab my file, upload it to Google, and do a search on it for me.  To be fair, this particular Google page would only upload something with a common image extension, not just any file, but you can easily extend this example to any other "drag and drop to upload {any file you like}" scenario on some other website.  If I had accidentally released the mouse button over top of Firefox, my file would have inadvertently gone public!  It occurred to me that if it was a private picture or any sort of personal information, that I had just done a potentially DANGEROUS thing dragging it over Firefox.

Important feature request for privacy, security, and safety sake...

If possible, please add an option (perhaps defaulted to true), to prompt before uploading a file that is dropped on top of Firefox.

ean365_0-1674600326301.png

Think:  If I were a Black Hat and casting a wide net on click-bait or other sketchy websites, it would be so simple to add this as another "trap" on all of my pages, hoping somebody might fly over with a file in their hand and accidentally dropping it.  Ooops!

2 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

jscher2000
Leader

Interesting idea.

For now, you could consider injecting a script like the following into web pages, perhaps by converting it to a userscript:

 

document.body.addEventListener('drop', function(evt){
	if (!confirm('Allow drop?')){
		evt.preventDefault(); 
		evt.stopPropagation(); 
	}
}, true);