Comment by streptomycin

8 hours ago

So what should I do if I want to make an app with this functionality? Do I have to tell users to download and run some executable? You can imagine a case where that is a bit riskier than a nicely sandboxed web app with permission to access one directory.

5 comments

streptomycin

danaris 6 hours ago

> Do I have to tell users to download and run some executable?

Well, yes.

The alternative is to give any malicious ad the ability to drive-by-download malware onto your machine.

streptomycin 2 hours ago

Well there is a permission dialog and you need to select the directory to grant access and common sensitive directories are blacklisted.
A malicious ad would probably have an easier time tricking you into downloading and running an executable, which is something that has actually happened many times IRL. Worry about that before worrying about theoretical exploits that nobody has actually exploited in an API shipped in the world's most popular web browser for the past 6 years.
modeless 4 hours ago
Did you miss that this has been shipped in Chrome for 6 years? How many drive-by-download viruses has your machine gotten since then? Zero for me...
- danaris 3 hours ago
  
  Mine?
  None.
  Because I don't use Chrome.
  It's spyware.
  
  1 reply →