The guarantee of web page never edit file on your disk(only create new ones) does not hold on this api though. I know
it's what makes this api useful. But at the same time, there is big risk that user never expected this and results into giant security issue.
Firefox and safari are generally very conservative about new api that can enable new type of exploits.
At least firefox and safari does implement origin private file system. So, while you can't edit file on user disk directly. You can import the whole project into browser. Finish the edit and export it.
Browsers have had widespread support for processing files via drag-and-drop and the <input> element since HTML5 (< 2015). The last holdout on allowing the filepicker to accept a full directory (and its subdirectories, recursively—rather than 1 or N individual files) was Safari sometime around (before) 2020.
The Chrome team's new, experimental APIs are a separate matter. They provide additional capabilities, but many programs can get along just fine without since they don't don't strictly need them in order to work—if they would ever even have end up using them at all. A bunch of the applications in the original post fall into this category. You don't need new or novel APIs to be able to hash a file, for example. It's a developer education problem (see also: hubris).
Providing a web app with edit access to a local directory is really needed for this to be usable. Without that you're constantly managing downloaded files and manually replacing things. I do think this is a case where the File System Access API shines.
> Providing a web app with edit access to a local directory is really needed for this to be usable.
"This" what? sha256sum doesn't need read-write access for even one file to be able to compute a hash, let alone a whole directory. You're ignoring most of my comment, focusing on like 20%, and in so doing, missing (and/or deliberately misframing) 100% of the point.
The guarantee of web page never edit file on your disk(only create new ones) does not hold on this api though. I know it's what makes this api useful. But at the same time, there is big risk that user never expected this and results into giant security issue.
Firefox and safari are generally very conservative about new api that can enable new type of exploits.
At least firefox and safari does implement origin private file system. So, while you can't edit file on user disk directly. You can import the whole project into browser. Finish the edit and export it.
Browsers have had widespread support for processing files via drag-and-drop and the <input> element since HTML5 (< 2015). The last holdout on allowing the filepicker to accept a full directory (and its subdirectories, recursively—rather than 1 or N individual files) was Safari sometime around (before) 2020.
The Chrome team's new, experimental APIs are a separate matter. They provide additional capabilities, but many programs can get along just fine without since they don't don't strictly need them in order to work—if they would ever even have end up using them at all. A bunch of the applications in the original post fall into this category. You don't need new or novel APIs to be able to hash a file, for example. It's a developer education problem (see also: hubris).
Providing a web app with edit access to a local directory is really needed for this to be usable. Without that you're constantly managing downloaded files and manually replacing things. I do think this is a case where the File System Access API shines.
> Providing a web app with edit access to a local directory is really needed for this to be usable.
"This" what? sha256sum doesn't need read-write access for even one file to be able to compute a hash, let alone a whole directory. You're ignoring most of my comment, focusing on like 20%, and in so doing, missing (and/or deliberately misframing) 100% of the point.
4 replies →
Because it is a ChromeOS Platform API, not that it matters with the Chrome market share.