On 2/17/12 1:35 AM, Anne van Kesteren wrote:
Our proposal takes its cues and algorithms from the postMessage API,
and allows the source site to restrict drop targets to only those
origins which it trusts, and allows drop targets to see which origin
was the source of a drag. The majority of the algorithm can be copied
from postMessage, including the syntax for allowed target origins.
interface DataTransfer {
...
readonly attribute DOMString origin;
void allowTargetOrigin(DOMString targetOrigin);
};
Any chance we could get D&D to pass a window object or message port so
we could use postMessage?
window.open/iframe seems the only way to link; I've used an
iframe+sharedworker setup before, which works pretty well.
