Sharad Raj (He/Him)

Posted on Oct 12, 2020

Google Chrome enables file system API ... Super Cool 😁

#javascript #webdev #news #discuss

A new release of Google Chrome enables Native File System API so the developers can build web apps that interact with files on the user’s local device.

How will you use it ? 🙂

Latest comments (35)

Marc • Oct 14 '20

TiddlyWiki

Adam Crockett 🌀 • Oct 13 '20 • Edited

Heres a diagram of Chromes new FootGun API

Alain D'Ettorre • Oct 13 '20

Cool: web apps take a step forward towards native
NOT cool: possibility of stealing data increases massively

Ben Calder • Oct 13 '20

Yet another reason to never install Chrome. I imagine many security conscious businesses who currently use it will be having serious conversations about removing it from their networks.

Sharad Raj (He/Him) • Oct 13 '20

Well it will eventually be in the chromium based browsers, it was already there in flags, just disabled for everyone.

Raghuram Iyer "Ragzzy-R" • Oct 13 '20

nice. next is kernel access to the browser followed by access to CPU Registers.

Sharad Raj (He/Him) • Oct 13 '20

🤣

Graham Smith • Oct 13 '20

Yeah... This seems like a huge security issue. Correct me if I'm wrong, but most web browsers run in a sandboxed environment, making malicious attacks through just a website pretty much impossible. But with this, some website can just ask for file permissions and totally just wipe all your stuff. There would be no way to know whether or not the website is trustworthy. That's just my two cents.

Genspirit • Oct 13 '20

There are security implications but what you are talking about isn't really feasible. The website needs permission and the picker is user controlled. A website can only access files/directories selected by the user. Saving/Editing is also another user prompt(once permission is provided for a single file it remains until the tab is closed).

So in order for what you are discussing to happen a user would have to give permission and open up a directory on the site then also hit confirm every time the site tried to overwrite a file. It's not impossible but there are notable safeguards in place to prevent this.

Sharad Raj (He/Him) • Oct 13 '20

You're right

Quang Phan • Oct 13 '20

Oh... it must observe strictly :D

Junxiao Shi • Oct 13 '20

I'm make a malware that accepts "file submission", but requests write permission from the careless user, and overwrites the file when the permission was granted.

Sharad Raj (He/Him) • Oct 13 '20

🤒

Alvin Bryan • Oct 12 '20

It reminds me when they disabled SharedArrayBuffer because of the massive Meltdown/Spectre stuff. I hope something similar doesn't happen with this.
I'm definitely disabling it for everything.