Enable drag&drop for plugin.jar, presets.xml, style.mapcss, rules.validator.mapcss

[simon04]

The operations

• drag&drop of a file onto JOSM
• drag&drop of an URL onto JOSM
• pasting a file from system clipboard inside JOSM

should install

• plugins when the corresponding file is a plugin
• style when the corresponding file is a MapCSS style
• presets when the corresponding file is a preset XML file
• validation rules when the corresponding file is a MapCSS validation rule set

[stoecker]

Hmm. I'm not sure that is a good idea. Drag&Drop for active components is a big security issue and the number of users of local styles, plugins, ... is extremely low.

[Don-vip]

Can you please describe why you think it's a security issue? Drag and drop can only occur locally, I don't see why it would be more dangerous to install extensions like this rather than downloading something from the Internet.

[stoecker]

Normal behavior for Drag&Drop is to load a file and display it. This style of Drag&Drop does modify the configuration (in case of a plugin in a severe way).

The internet download has security implications as well, but it is a clearly defined way and more or less monitored by the community.

I agree that the risk is moderate, but the question is if there is a reason to introduce such an additional risk for the very limited number of users.

[Don-vip]

Install by drag and drop is a common practice in several use cases:

• Eclipse: ​https://marketplace.eclipse.org/content/drag-install-now-available-eclipse-marketplace
• macOS: ​https://stackoverflow.com/questions/10574223/how-to-create-drag-and-drop-installer-for-macos-x

I understand the goal as to offer people making extensions a very fast way to load them. I agree the target is limited but still it would be useful (especially for me when I must create a sample map style to reproduce an issue).