There are a number of questions on Stack Overflow about drag-and-drop but I can't see that any relate to this question specifically.

Question: Is it possible to drag-and-drop an image from one Web application (or site) to another Web application (not the same window etc.)?

I'm not looking for specific technologies that may help one achieve this, just if it is possible with Web application security restrictions.

For example, I've read that it's not possible for one Web application's JavaScript to mess with the DOM of another Web application (for obvious reasons).

I just want to be able to drag an image displayed on one Web page into a Web application on another page (and for that application to have full access to the image).

Thanks, Ashley.

+2  A: 

Drag and drop is not defined within HTML. Many browsers (not IE IIRC) support dragging and dropping image URLs into text boxes. So if you drag an image from one site and drag it into another site's textbox you will have the full URL of the image. You can have JavaScript take it from there.

TFD
Thanks for the suggestion. A lot of images also have links so that can spoil this approach. I'd also prefer not to drag to a text box (could confuse users etc.), I'd prefer a drop target but I guess that could also work with your approach.
MrHatken
You can css a textbox to be a 'target'. Remove borders, and add a background image, whatever!
TFD
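The approach from this answer and its comments, as an added example that is not part of the original posts: a drop target that reads the dragged data, looks for the image's own `src` before the URL flavours (which, for a linked image, may carry the link target), and treats whatever arrives from the other site as untrusted input. The function names and the `#drop-target` id are hypothetical, and the example assumes the browser exposes `text/html` and `text/uri-list` for a dragged image.

```javascript
// Added example: pick an image URL out of a cross-site drop and vet it.
// `getData` mirrors DataTransfer.getData(type) so the logic also runs outside a browser.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Parse and vet one candidate; returns a normalized URL string or null.
function vetUrl(candidate) {
  let url;
  try {
    url = new URL(candidate.trim());
  } catch {
    return null; // not an absolute URL
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // javascript:, data:, file: ...
  if (url.username || url.password) return null;       // no embedded credentials
  return url.href;
}

function imageUrlFromDrop(getData) {
  // 1. Prefer the <img src> inside text/html: for a linked image, the URL
  //    flavours may carry the link target instead of the image.
  const html = getData("text/html") || "";
  const m = /<img\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(html);
  if (m) {
    const src = (m[1] ?? m[2]).replace(/&amp;/g, "&");
    const vetted = vetUrl(src);
    if (vetted) return vetted;
  }
  // 2. Fall back to text/uri-list (skip '#' comment lines), then text/plain.
  const lines = (getData("text/uri-list") || "").split(/\r?\n/)
    .filter((l) => l && !l.startsWith("#"));
  for (const c of [...lines, getData("text/plain") || ""]) {
    const vetted = vetUrl(c);
    if (vetted) return vetted;
  }
  return null;
}

// Browser wiring; "#drop-target" is a hypothetical element id.
if (typeof document !== "undefined") {
  const target = document.querySelector("#drop-target");
  target.addEventListener("dragover", (e) => e.preventDefault());
  target.addEventListener("drop", (e) => {
    e.preventDefault();
    const url = imageUrlFromDrop((t) => e.dataTransfer.getData(t));
    if (url) target.textContent = url; // textContent, never innerHTML
  });
}
```

If the receiving application fetches the vetted URL on its server, the host it resolves to needs the same scrutiny before the request is made.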
A: 

I don't think this is directly possible without Gears.

EDIT: The Desktop API provides drag + drop.

Billy ONeal
Gears will certainly help with this task in the browsers which support it. If you use Google Wave with Gears on Firefox you can drag files right into the conversation threads.
Nathan Taylor
Ok, since Gears is being replaced by HTML5, will HTML 5 allow similar? I also think there is a difference between dragging files from the desktop and dragging images from one Web site to another. I don't wish to have users dragging to the desktop first etc.
MrHatken
I'm not sure, MrHatken. I'm just throwing out ideas -- I've never gotten such a system working myself.
Billy ONeal
A: 

It's really a question of data handling in the browser. If there were no security issues involved this would be a piece of cake ... but there are security issues, big ones. Any time you permit data from site X to be introduced to site Y in a programmatic way you are opening a door, and it's very difficult to find the right balance of "useful enough to permit exciting new functionality" without going all the way to "bending over in the shower in prison to pick up the soap".

Cheswick and Bellovin say there are two basic approaches to security:

  1. That which is not explicitly forbidden is permitted.

  2. That which is not explicitly permitted is forbidden.

Microsoft basically went with #1 and you can see where that leads to. Most paranoid sysadmins go the route of #2 with a vengeance. Opening a big door between two unrelated sites would send most of us screaming off into the woods.

Unfortunately, although browsers & web site people are mostly (somewhat?) aware of this problem and are trying to deal with it, companies like Adobe and their "flash storage" are creating more and more problems.

Peter Rowell
In this instance I don't think "security" plays a particularly big role as the desired task is simply copying an image from one public location to another. Like TFD said above, if dragging the image from one window to another fires a drag and drop event containing an image URL, your application need only perform a simple GET to retrieve a permanent copy. There are no security implications for such a behavior so long as the location of the image being retrieved is not secured. If it is secured, then obviously your points apply.
Nathan Taylor
Where is evidence of "Microsoft essentially went with #1"?
Billy ONeal
I can understand security concerns when one site (JavaScript) tries to interact with another's DOM. However, the scenario I am talking about is simply transferring some data (the image or at least a URL for the image) to the other Web site. Of course, unless there is some shared location for this data to be passed through it may mean some sort of programmatic interaction is needed.
MrHatken
@BillyONeal: There is a true spectrum with Convenience on one end and Security on the other. MS was terrified of inConveniencing their users so they totally abrogated their responsibility regarding Security, and the world has been paying the price ever since. I have Linux-based websites that regularly record 3,000 to 10,000 break-in attempts *a day*, but in 15 years I have had exactly one succeed, and that was through a failure on my part to update an old copy of phpMyAdmin. How long would Windows survive? SANS Institute says ... less than 5 minutes. http://isc.sans.org/survivaltime.html
Peter Rowell
@Peter Rowell: You ran a stripped down system that did nothing but serve web pages. Of course that has a smaller attack surface than a general purpose OS. I fail to see, however, what that has to do with convenience. Both Windows and Unix systems are secure when configured correctly and kept up to date. Taking an unpatched OS from 2001 as your test case is not a fair comparison.
Billy ONeal