I've made the "types" list visible during all the events, but I'm
skeptical about making everything available. We'll probably revisit
this
in a few years when we have a test suite for this. (I probably need to
rewrite the way this section is written before making any more
significant
changes.)
I agree as I'm unsure what else *could* be safely exposed before the
drop event -- realistically anything beyond the types seems risky:
ignoring the obvious risks of exposing actual content, exposing any
form of URI may lead to unintended information leaking (you have to
assume that people are dragging random private files, urls, etc across
windows and do not intend to drop them)
--Oliver
