Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
org.webjars.bowergithub.timruffles:mobile-drag-drop
Advanced tools
The HTML 5 drag'n'drop API allows you to implement drag'n'drop on most desktop browsers.
Unfortunately, you'll notice most mobile browsers don't support it, so no iPad (or Nexus) action for you!
Luckily, browsers give us enough tools to make it happen ourselves. If you drop this package in your page your existing HTML 5 drag'n'drop code should just work (*almost).
Check out the demo to see it in action and monitor the console to see the events firing.
npm
npm install mobile-drag-drop --save
jspm
jspm install npm:mobile-drag-drop
bower
bower install mobile-drag-drop --save
global
<link rel="stylesheet" href="libs/mobile-drag-drop/release/default.css">
<script src="libs/mobile-drag-drop/release/index.min.js"></script>
<!--optional import of scroll behaviour-->
<script src="libs/mobile-drag-drop/release/scroll-behaviour.min.js"></script>
<script>
// options are optional ;)
MobileDragDrop.polyfill({
// use this to make use of the scroll behaviour
dragImageTranslateOverride: MobileDragDrop.scrollBehaviourDragImageTranslateOverride
});
</script>
SystemJS/JSPM
System.import("mobile-drag-drop");
// import css if using system-js css loader plugin
System.import("mobile-drag-drop/default.css!");
ES2015/TypeScript/webpack
import {polyfill} from "mobile-drag-drop";
// optional import of scroll behaviour
import {scrollBehaviourDragImageTranslateOverride} from "mobile-drag-drop/scroll-behaviour";
// options are optional ;)
polyfill({
// use this to make use of the scroll behaviour
dragImageTranslateOverride: scrollBehaviourDragImageTranslateOverride
});
Make sure to implement a dragenter
-listener! (read here why)
// dragenter listener
(event)=> {
event.preventDefault();
}
webpack/scss
@import "~mobile-drag-drop/default.css";
export interface Point {
x: number;
y: number;
}
// function signature for the dragImageTranslateOverride hook
export type DragImageTranslateOverrideFn = (
// corresponding touchmove event
event: TouchEvent,
// the processed touch event viewport coordinates
hoverCoordinates: Point,
// the element under the calculated touch coordinates
hoveredElement: HTMLElement,
// callback for updating the drag image offset
translateDragImageFn: (offsetX: number, offsetY: number) => void;
) => void;
export interface Config {
// flag to force the polyfill being applied and not rely on internal feature detection
forceApply?:boolean;
// useful for when you want the default drag image but still want to apply
// some static offset from touch coordinates to drag image coordinates
// defaults to (0,0)
dragImageOffset?:Point;
// if the dragImage shall be centered on the touch coordinates
// defaults to false
dragImageCenterOnTouch?:boolean;
// the drag and drop operation involves some processing. here you can specify in what interval this processing takes place.
// defaults to 150ms
iterationInterval?:number;
// hook for custom logic that decides if a drag operation should start
dragStartConditionOverride?:( event:TouchEvent ) => boolean;
// hook for custom logic that can manipulate the drag image translate offset
dragImageTranslateOverride?:DragImageTranslateOverrideFn;
// hook for custom logic that can override the default action based on the original touch event when the drag never started
// be sure to call event.preventDefault() if handling the default action in the override to prevent the browser default.
defaultActionOverride?:( event:TouchEvent ) => void;
// Drag action delay on touch devices ("hold to drag" functionality, useful for scrolling draggable items). Defaults to no delay.
holdToDrag?:number;
/**
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
* THE FOLLOWING OPTIONS ARE ONLY AVAILABLE IN v2.3.0-rc.0
*
*/
// function invoked for each touchstart event to determine if and which touched element is detected as "draggable"
tryFindDraggableTarget?:( event:TouchEvent ) => HTMLElement | undefined;
// function implementing how a copy of the dragged element is created
// NOTE! this function is for customizing HOW an element is transformed to a drag image element
// if you're looking for setting a custom drag image please use [setDragImage()](https://developer.mozilla.org/en-US/docs/Web/API/DataTransfer/setDragImage)
dragImageSetup?:( element:HTMLElement ) => HTMLElement;
// function for determining element that is currently hovered while dragging
// defaults to `document.elementFromPoint()`
elementFromPoint?:( x:number, y:number ) => Element;
/**
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*/
}
// invoke for initializing the polyfill => returns true if polyfill is applied
export function polyfill(override?: Config):boolean;
If you want to set a custom drag image use setDragImage().
Override the classes that are applied by the polyfill for customizing the drag image appearance
and snapback behaviour. Mind the !important
.
.dnd-poly-drag-image {
opacity: .5 !important;
}
/* applied when the drag effect is none and the operation ends */
.dnd-poly-drag-image.snapback {
-webkit-transition: -webkit-transform 250ms ease-out !important;
-moz-transition: -moz-transform 250ms ease-out !important;
-o-transition: -o-transform 250ms ease-out !important;
transition: transform 250ms ease-out !important;
}
/* applied always as a base class for drop effect styles */
.dnd-poly-drag-icon {
}
CSS classes are applied to the dragImage
-element according to the
current drop effect: none
, copy
, move
, link
.
There is icons.css
which defines default styles and icons.
Feel free to use this as a starting point.
<link rel="stylesheet" href="[...]/mobile-drag-drop/icons.css">
One can also set a custom dragImageSetup()
function in the polyfill config. This allows to completely
customize the routine used to create a copy of the dragged element.
Checkout the default implementation as a starting point.
iFrames
are currently not supported. Please see #5 for the current state.
ShadowDOM/ShadyDOM
are currently not working seamlessly. Please see #115 for the current state.
:before/:after
css pseudo styles can't be copied to the drag image. By default classes are removed on the drag image recursively to avoid side-effects. You can pass a custom dragImageSetup function in the config.
Contributions welcome!
Browser | Support | Known issues |
---|---|---|
Chrome | Native | No known issues. More info |
Firefox | Native | No known issues. More info |
Safari | Native | No known issues. |
Opera | Native | Same as Chrome. |
Internet Explorer 11 | Native | No known issues. |
Edge | Unknown | Unknown |
Mobile Safari (<iOS 10) | Polyfill | No known issues. |
Mobile Safari (iOS 10) | Polyfill | #77 |
Chrome on iOS | Polyfill | No known issues. |
Chrome on Android | Polyfill | No known issues. |
Chrome on touch device | Polyfill | No known issues. More info |
Firefox on touch device | Native | No known issues. |
Firefox on Android | Polyfill | No known issues. |
Amazon Silk | Unknown | Unknown |
Ubuntu Phone | Polyfill | No known issues. |
IEMobile | Native | Unknown |
Chrome:
Chrome supports touch devices/events. When run on a desktop touch device like MS Surface it turns on touch events
which also disables native drag-and-drop support. Touch events can also be set by a user in chrome://flags
to auto
, on
, off
.
There is also a flag for enabling drag-and-drop through touch interaction but only for Windows and the option is off by default.
The polyfill still works if this setting is active. We cannot detect if this flag is set so we just stick to applying the polyfill
when Chrome is detected with touch events enabled.
Firefox:
Touch events can be activated by a user in about:config
to 0
(off), 1
(on), 2
(auto).
As of today (FF39.0) touch behavior is off.
When touch events are active drag-and-drop interaction will still work, so no need to polyfill.
The drag'n'drop API is not implemented consistently in all browsers. This table is an effort to list all things required to make drag'n'drop work in all browsers and with the polyfill.
Browser | dragstart | drag | dragend | dragenter | dragover | dragleave | dragexit |
---|---|---|---|---|---|---|---|
Firefox | event.dataTransfer.setData(type, data) | effectAllowed,dropEffect | effectAllowed,dropEffect | ||||
IE11 | event.preventDefault() when registered on body | ||||||
Polyfill | event.preventDefault() or dropzone required |
empty cells mean there is nothing special to take into account
On desktop browsers if no dragenter
-handler is registered the drag-operation is silently allowed. Browsers don't implement dropzone
-attribute
according to caniuse which is why they allow it by default, which violates the spec.
If a handler is set up it has to call event.preventDefault()
to allow dropping.
This is pretty bad for the polyfill since JS doesn't allow to check how many listeners were invoked when the event is dispatched,
which forces the polyfill to rely on a listener being present calling event.preventDefault()
to make it work.
Further notices:
effectAllowed
or dropEffect
is set in dragstart
then dragenter/dragover
also need to set it.Baseline recommendations for cross-browser/-platform support:
dragstart
by calling event.dataTransfer.setData(type, data)
.dragenter
-event on possible dropzones if the drop is allowed by calling event.preventDefault()
.dragover
-event on dropzone when the drop is allowed by calling event.preventDefault()
, otherwise the drag-operation is aborted.Contributions are welcome.
For more details on development setup see CONTRIBUTING.md
To the amazing contributors who've provided massive extensions and fixes to the original.
@rem - who created the original demo used to demo this shim's drop-in nature.
FAQs
WebJar for mobile-drag-drop
We found that org.webjars.bowergithub.timruffles:mobile-drag-drop demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.