Drag&Drop protection doesn't work anymore

Tor Browser should provide protection against proxy bypass by filtering URLs when doing drag&drop (see point 3 of section 4.1).

Steps to reproduce:

1. Open https://pearlcrescent.com/tor/22434.html in Firefox/Chrome (found in #22434 (closed))
2. Drop a link or a favicon from Tor Browser into the rectangle
3. Notice that text/plain and text/html still contain the URL; also, Firefox will open the page if you drop it somewhere else.

So, should we scrub URLs from plain text and HTML, too?