Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
mobile-drag-drop
Polyfill for making HTML5 drag and drop possible in all browsers.
The HTML 5 drag'n'drop API allows you to implement drag'n'drop on most desktop browsers and some mobile browsers.
Unfortunately, you'll notice most mobile browsers don't support it, so no iPad (or Nexus) action for you!
Chrome>=96 on Android>=7 and Safari on iOS/iPadOS>=15 are reported to support drag and drop natively!
This means native support for drag and drop is growing but some browsers still need polyfilling.
It is advised to keep an eye on caniuse and test for your userbase.
In the case of iOS native support and the polyfill seem to be able to coexist without issues.
See https://github.com/timruffles/mobile-drag-drop/issues/167 for state of drag and drop in iOS/iPad>=15.
Chrome>=96 on Android>=7 behaviour is under investigation.
Luckily, browsers give us enough tools to make it happen ourselves if needed. If you drop this package in your page your existing HTML 5 drag'n'drop code should just work (*almost).
Check out the demo to see it in action and monitor the console to see the events firing.
npm
npm install mobile-drag-drop --save
jspm
jspm install npm:mobile-drag-drop
global
<link rel="stylesheet" href="libs/mobile-drag-drop/release/default.css">
<script src="libs/mobile-drag-drop/release/index.min.js"></script>
<!--optional import of scroll behaviour-->
<script src="libs/mobile-drag-drop/release/scroll-behaviour.min.js"></script>
<script>
    // options are optional ;)
    MobileDragDrop.polyfill({
        // use this to make use of the scroll behaviour
        dragImageTranslateOverride: MobileDragDrop.scrollBehaviourDragImageTranslateOverride
    });
</script>
SystemJS/JSPM
System.import("mobile-drag-drop");
// import css if using system-js css loader plugin
System.import("mobile-drag-drop/default.css!");
ES2015/TypeScript/webpack
import {polyfill} from "mobile-drag-drop";
// optional import of scroll behaviour
import {scrollBehaviourDragImageTranslateOverride} from "mobile-drag-drop/scroll-behaviour";
// options are optional ;)
polyfill({
    // use this to make use of the scroll behaviour
    dragImageTranslateOverride: scrollBehaviourDragImageTranslateOverride
});
Make sure to implement a dragenter-listener! (read here why)
// dragenter listener
(event)=> {
    event.preventDefault();
}
If you're targeting iOS Safari 10.x and higher
// iOS>=10 supports passive event listeners
// but make sure to catch or check passive event listener support
// regarding this code running on other platforms.
window.addEventListener( 'touchmove', function() {}, {passive: false});
webpack/scss
@import "~mobile-drag-drop/default.css";
export interface Point {
    x: number;
    y: number;
}
// function signature for the dragImageTranslateOverride hook
export type DragImageTranslateOverrideFn = (
    // corresponding touchmove event
    event: TouchEvent,
    // the processed touch event viewport coordinates
    hoverCoordinates: Point,
    // the element under the calculated touch coordinates
    hoveredElement: HTMLElement,
    // callback for updating the drag image offset
    translateDragImageFn: (offsetX: number, offsetY: number) => void
) => void;
export interface Config {
    // flag to force the polyfill being applied and not rely on internal feature detection
    forceApply?:boolean;
    // useful for when you want the default drag image but still want to apply
    // some static offset from touch coordinates to drag image coordinates
    // defaults to (0,0)
    dragImageOffset?:Point;
    // if the dragImage shall be centered on the touch coordinates
    // defaults to false
    dragImageCenterOnTouch?:boolean;
    // the drag and drop operation involves some processing. here you can specify in what interval this processing takes place.
    // defaults to 150ms
    iterationInterval?:number;
    // hook for custom logic that decides if a drag operation should start
    dragStartConditionOverride?:( event:TouchEvent ) => boolean;
    // hook for custom logic that can manipulate the drag image translate offset
    dragImageTranslateOverride?:DragImageTranslateOverrideFn;
    // hook for custom logic that can override the default action based on the original touch event when the drag never started
    // be sure to call event.preventDefault() if handling the default action in the override to prevent the browser default.
    defaultActionOverride?:( event:TouchEvent ) => void;
    // Drag action delay on touch devices ("hold to drag" functionality, useful for scrolling draggable items). Defaults to no delay.
    holdToDrag?:number;
    /**
     * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
     *
     * THE FOLLOWING OPTIONS ARE ONLY AVAILABLE IN v2.3.0-rc.0
     *
     */
    // function invoked for each touchstart event to determine if and which touched element is detected as "draggable"
    tryFindDraggableTarget?:( event:TouchEvent ) => HTMLElement | undefined;
    // function implementing how a copy of the dragged element is created
    // NOTE! this function is for customizing HOW an element is transformed to a drag image element
    // if you're looking for setting a custom drag image please use [setDragImage()](https://developer.mozilla.org/en-US/docs/Web/API/DataTransfer/setDragImage)
    dragImageSetup?:( element:HTMLElement ) => HTMLElement;
    // function for determining element that is currently hovered while dragging
    // defaults to `document.elementFromPoint()`
    elementFromPoint?:( x:number, y:number ) => Element;
    /**
     * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
     */
}
// invoke for initializing the polyfill => returns true if polyfill is applied
export function polyfill(override?: Config):boolean;
When setting the option holdToDrag the draggable element will emit custom events:
dnd-poly-dragstart-pending as soon as the touchstart event is detected and a drag operation is about to be started after the delay specified with holdToDrag
dnd-poly-dragstart-cancel when the drag operation will not be started due to touchmove, touchend, touchcancel or scroll within the holdToDrag delay.
Those events can be used to visualize the holdToDrag so the user is informed that a drag operation is about to start.
If you want to set a custom drag image use setDragImage().
Override the classes that are applied by the polyfill for customizing the drag image appearance and snapback behaviour. Mind the !important.
.dnd-poly-drag-image {
    opacity: .5 !important;
}
/* applied when the drag effect is none and the operation ends */
.dnd-poly-drag-image.dnd-poly-snapback {
    -webkit-transition: -webkit-transform 250ms ease-out !important;
    -moz-transition: -moz-transform 250ms ease-out !important;
    -o-transition: -o-transform 250ms ease-out !important;
    transition: transform 250ms ease-out !important;
}
/* applied always as a base class for drop effect styles */
.dnd-poly-drag-icon {
}
CSS classes are applied to the dragImage-element according to the current drop effect: none, copy, move, link.
There is icons.css which defines default styles and icons.
Feel free to use this as a starting point.
<link rel="stylesheet" href="[...]/mobile-drag-drop/icons.css">
One can also set a custom dragImageSetup() function in the polyfill config. This allows you to completely customize the routine used to create a copy of the dragged element.
Check out the default implementation as a starting point.
iFrames are currently not supported. Please see #5 for the current state.
:before/:after css pseudo styles can't be copied to the drag image. By default classes are removed on the drag image recursively to avoid side-effects. You can pass a custom dragImageSetup function in the config.
Contributions welcome!
Browser | Support | Known issues |
---|---|---|
Chrome | Native | No known issues. More info |
Firefox | Native | No known issues. More info |
Safari | Native | No known issues. |
Opera | Native | Same as Chrome. |
Brave | Native | Same as Chrome. |
Internet Explorer 11 | Native | No known issues. |
Edge | Native | No known issues. More info |
Mobile Safari (<iOS 10) | Polyfill | No known issues. |
Mobile Safari (>=iOS 10) | Polyfill | #77 |
Mobile Safari (>=iOS 15) | Native & Polyfill | #167 |
Chrome on iOS | Polyfill | See Mobile Safari since it's the same engine inside. |
Chrome on Android | Polyfill | No known issues. Needs investigation regarding native capabilities! |
Chrome on touch device | Polyfill | No known issues. More info |
Firefox on touch device | Native | No known issues. |
Firefox on Android | Polyfill | No known issues. |
Amazon Silk | Unknown | Unknown |
Ubuntu Phone | Polyfill | No known issues. |
IEMobile | Native | Unknown |
Chrome:
Chrome supports touch devices/events. When run on a desktop touch device like MS Surface it turns on touch events which also disables native drag-and-drop support. Touch events can also be set by a user in chrome://flags to auto, on, off.
There is also a flag for enabling drag-and-drop through touch interaction but only for Windows and the option is off by default.
The polyfill still works if this setting is active. We cannot detect if this flag is set so we just stick to applying the polyfill when Chrome is detected with touch events enabled.
Firefox:
Touch events can be activated by a user in about:config to 0 (off), 1 (on), 2 (auto).
As of today (FF39.0) touch behavior is off.
When touch events are active drag-and-drop interaction will still work, so no need to polyfill.
The drag'n'drop API is not implemented consistently in all browsers. This table is an effort to list all things required to make drag'n'drop work in all browsers and with the polyfill.
Browser | dragstart | drag | dragend | dragenter | dragover | dragleave | dragexit |
---|---|---|---|---|---|---|---|
Firefox | event.dataTransfer.setData(type, data) | effectAllowed,dropEffect | effectAllowed,dropEffect | ||||
IE11 | event.preventDefault() when registered on body | ||||||
Polyfill | event.preventDefault() or dropzone required |
empty cells mean there is nothing special to take into account
On desktop browsers if no dragenter-handler is registered the drag-operation is silently allowed. Browsers don't implement the dropzone-attribute according to caniuse which is why they allow it by default, which violates the spec.
If a handler is set up it has to call event.preventDefault() to allow dropping.
This is pretty bad for the polyfill since JS doesn't allow checking how many listeners were invoked when the event is dispatched, which forces the polyfill to rely on a listener being present calling event.preventDefault() to make it work.
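The dragenter requirement above and the baseline recommendations in this section, wired into one source/dropzone pair. This is an added example, not code from the mobile-drag-drop project; makeDraggable, makeDropzone and DRAG_TYPE are names assumed here, and the dropzone only allows drags that carry the expected type.

```javascript
// Added example: names below (DRAG_TYPE, makeDraggable, makeDropzone) are assumptions.
const DRAG_TYPE = "text/plain";

function makeDraggable(source, getPayload) {
  source.setAttribute("draggable", "true");
  source.addEventListener("dragstart", (event) => {
    // Set drag data on dragstart (see the Firefox row of the table).
    event.dataTransfer.setData(DRAG_TYPE, getPayload());
    event.dataTransfer.effectAllowed = "copy";
  });
}

function makeDropzone(zone, onDrop) {
  // During dragenter/dragover only the list of types is readable, not the data,
  // so the "is this drop allowed" decision is made on the type.
  const accepts = (event) =>
    Array.from(event.dataTransfer.types).includes(DRAG_TYPE);

  const allow = (event) => {
    if (!accepts(event)) return;   // not ours: leave the default (no drop)
    event.preventDefault();        // the call the polyfill relies on to allow dropping
    // effectAllowed was set in dragstart, so dropEffect is set here as well.
    event.dataTransfer.dropEffect = "copy";
  };
  zone.addEventListener("dragenter", allow);
  zone.addEventListener("dragover", allow);

  zone.addEventListener("drop", (event) => {
    if (!accepts(event)) return;
    event.preventDefault();
    // A drop can originate from another page or application: hand the
    // payload on as a plain string and let the caller render it as text.
    onDrop(String(event.dataTransfer.getData(DRAG_TYPE)));
  });
}
```

In a page, pass the draggable element and the dropzone element to these functions after calling polyfill(); the onDrop callback should insert the string with textContent rather than as HTML.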
Further notices:
If effectAllowed or dropEffect is set in dragstart then dragenter/dragover also need to set it.
Baseline recommendations for cross-browser/-platform support:
Set drag data on dragstart by calling event.dataTransfer.setData(type, data).
Handle the dragenter-event on possible dropzones if the drop is allowed by calling event.preventDefault().
Handle the dragover-event on dropzone when the drop is allowed by calling event.preventDefault(), otherwise the drag-operation is aborted.
Contributions are welcome.
For more details on development setup see CONTRIBUTING.md
To the amazing contributors who've provided massive extensions and fixes to the original.
@rem - who created the original demo used to demo this shim's drop-in nature.
3.0.0-rc.0 (2022-11-04)
Adds shadow dom support.
Thanks to @jogibear9988 and @johanquiroga :+1:
FAQs
Polyfill for making HTML5 drag and drop possible in all browsers.
The npm package mobile-drag-drop receives a total of 16,465 weekly downloads. As such, mobile-drag-drop popularity was classified as popular.
We found that mobile-drag-drop demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.