So what should I do if I want to make an app with this functionality? Do I have to tell users to download and run some executable? You can imagine a case where that is a bit riskier than a nicely sandboxed web app with permission to access one directory.

▲

danaris a day ago | parent [-]

> Do I have to tell users to download and run some executable?

Well, yes.

The alternative is to give any malicious ad the ability to drive-by-download malware onto your machine.

▲

streptomycin a day ago | parent | next [-]

Well there is a permission dialog and you need to select the directory to grant access and common sensitive directories are blacklisted.

A malicious ad would probably have an easier time tricking you into downloading and running an executable, which is something that has actually happened many times IRL. Worry about that before worrying about theoretical exploits that nobody has actually exploited in an API shipped in the world's most popular web browser for the past 6 years.

	▲	croes 17 hours ago \| parent [-]
		Did you try this? https://web.dev/patterns/files/open-a-directory At least it got the number of files in the selected directory including Program Files and Windows\System32 I didn't click upload, so ...

▲

rcxdude a day ago | parent | prev | next [-]

That isn't how any of these things work, though. This kind of thing needs a permission to be granted by the user and it does not extend to third-party ads appearing on the site that it is granted to (banner ads have, for a long time, been sandboxed in iframes in the browser to prevent such exploits). I wish native applications had this level of isolation from each other.

▲

modeless a day ago | parent | prev [-]

Did you miss that this has been shipped in Chrome for 6 years? How many drive-by-download viruses has your machine gotten since then? Zero for me...

▲

danaris a day ago | parent [-]

Mine?

None.

Because I don't use Chrome.

It's spyware.

	▲	a day ago \| parent [-]
		[deleted]