This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Dragging a URL link to the address bar closes all tabs and opens link in unescapable full screen #445

Closed
Tombsmen opened this issue Jan 29, 2016 · 4 comments

@Tombsmen

If you left click on a link and drag it to the URL address bar, Brave closes all tabs and opens that link in an unescapable single full screen window, forcing you to close Brave. Found this by accident the other day. I think this would be better if it resulted in opening a new tab with the link, or nothing at all for now.

@Tombsmen
Author

Turns out Chrome does this, but Brave is faster and has built-in ad blocking and anti-tracking.

@diracdeltas
Member

A fix for this is coming today

@diracdeltas
Member

Related: #259

Actually drag-and-drop works as expected if the link is dragged into the urlbar input field. But if the page has a title, the urlbar is in title mode, so the input isn't visible.

The same problem happens if the link is dragged to the tab bar area.

bbondy added a commit that referenced this issue Jan 30, 2016
@diracdeltas
Member

As will be mentioned in the 0.7.11 release notes, this turned out to be a serious security issue. If the user drags and drops a malicious link outside of the tab content area, Electron will load the site outside the webview sandbox, where it can compromise the user's system.

PoC: https://zyan.scripts.mit.edu/node_test/opener.html. If you're using a vulnerable version, dragging and dropping the link on that page will create a file named surprise.txt in your home folder. If it's fixed, you will see the link open in a new tab with console errors.

Thanks for reporting, I am glad we got this fixed soon.
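
Two guards commonly used in Electron apps against the behaviour described in the comment above, shown as an added example that is not part of this thread and not Brave's actual fix. `isTabContent`, `simulate` and the `file:///app/index.html` UI URL are assumptions made for illustration.

```javascript
// Added example, not Brave's code. Electron and DOM objects are passed in so
// the guards can be exercised with constructed stand-ins.

// Main process: the privileged UI window must never leave its own UI page.
// Electron's WebContents emits 'will-navigate' (event, url) before a
// top-level navigation; preventDefault() cancels it.
function lockTopLevelNavigation(webContents, uiUrl, onBlocked) {
  webContents.on('will-navigate', (event, url) => {
    if (url === uiUrl) return;      // reloading the UI itself is allowed
    event.preventDefault();         // keep remote content out of this window
    if (onBlocked) onBlocked(url);  // caller may open it in a sandboxed tab
  });
}

// Renderer (UI document): cancel drags and drops that land on browser chrome
// (title-mode URL bar, tab bar) instead of tab content.
// isTabContent(target) is a hypothetical predicate supplied by the caller.
function blockStrayDrops(doc, isTabContent) {
  const guard = (e) => { if (!isTabContent(e.target)) e.preventDefault(); };
  doc.addEventListener('dragover', guard, true);  // capture phase
  doc.addEventListener('drop', guard, true);
}

// Constructed harness: minimal emitter and event objects, no Electron needed.
function simulate(dropTarget, navUrl) {
  const UI_URL = 'file:///app/index.html';        // placeholder UI page
  const listeners = {};
  const on = (name, fn) => { (listeners[name] = listeners[name] || []).push(fn); };
  const fire = (name, ...args) => (listeners[name] || []).forEach((fn) => fn(...args));
  const makeEvent = (target) => ({
    target,
    defaultPrevented: false,
    preventDefault() { this.defaultPrevented = true; },
  });
  const rerouted = [];
  lockTopLevelNavigation({ on }, UI_URL, (url) => rerouted.push(url));
  blockStrayDrops({ addEventListener: on }, (t) => t === 'webview');

  const drop = makeEvent(dropTarget);
  fire('drop', drop);
  const nav = makeEvent(null);
  fire('will-navigate', nav, navUrl);
  return { dropCancelled: drop.defaultPrevented, navCancelled: nav.defaultPrevented, rerouted };
}
```

The two guards are independent: the drop handler stops the navigation from starting, and the `will-navigate` handler cancels it if some other path triggers it.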

PalmerAL added a commit to minbrowser/min that referenced this issue Jan 31, 2016