Skip to content

Drag&Drop protection doesn't work anymore

Tor Browser should provide protection against proxy bypass by filtering URLs when doing drag&drop (see point 3 of section 4.1).

Steps to reproduce:

  1. Open https://pearlcrescent.com/tor/22434.html in Firefox/Chrome (found in #22434 (closed))
  2. Drop a link or a favicon from Tor Browser into the rectangle
  3. Notice that text/plain and text/html still contain the URL; also, Firefox will open the page if you drop it somewhere else.

So, should we scrub URLs from plain text and HTML, too?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information