DEV Community

Discussion on: Google Chrome enables file system API ... Super Cool 😁

hedgy134117 profile image
Graham Smith

Yeah... This seems like a huge security issue. Correct me if I'm wrong, but most web browsers run in a sandboxed environment, making malicious attacks through just a website pretty much impossible. But with this, some website can just ask for file permissions and totally just wipe all your stuff. There would be no way to know whether or not the website is trustworthy. That's just my two cents.

genspirit profile image

There are security implications but what you are talking about isn't really feasible. The website needs permission and the picker is user controlled. A website can only access files/directories selected by the user. Saving/Editing is also another user prompt(once permission is provided for a single file it remains until the tab is closed).

So in order for what you are discussing to happen a user would have to give permission and open up a directory on the site then also hit confirm every time the site tried to overwrite a file. It's not impossible but there are notable safeguards in place to prevent this.

sharadcodes profile image
Sharad Raj (He/Him) Author

You're right