| ▲ | shortercode a day ago | ||||||||||||||||
Both sides are valid. Is it a security risk? In the right conditions yes. But on the other side of it there’s user consent, limited per domain access, and the capability to do multi file editor style apps. I think the WebKit take on this is good and a better fit for most apps. They instead implemented Origin Private File System. Which is based on the same API bits but the folder is only accessible by the website. The downside is the user loses some control over the files: - can’t see what’s being stored - can’t easily backup those files - has to use that web app to access the files - usual nonsense about important files being classed as “cookies” or some nonsense by cache cleaning tools, leading to users deleting their data without realising it | |||||||||||||||||
| ▲ | xg15 13 hours ago | parent | next [-] | ||||||||||||||||
As I understood it, the two APIs have different purposes, so I don't think you can really compare them. Origin Private File System is for files that the app manages internally and that normally, the user should never touch - like stuff in /var or AppData for native applications. Hence why browsers make no guarantees where on disk they will store those files or even if they'll store them as files at all. But I think that's not really very interesting, because it's not offering anything new you couldn't already do with localStorage or indexedDB, just with a file-like API. Hence why browsers also put it in the same "ephemeral local data" bucket as those APIs. The directory picker API would offer a new ability, namely to "open a directory" in user-managed space and work with it like an IDE would. But I can see why the security risks are too large for that. | |||||||||||||||||
| ▲ | codedokode a day ago | parent | prev [-] | ||||||||||||||||
> The downside is the user loses some control over the files: Why not use some human-readable path like ~/Internet/example.com/ ? In this case the user could see the files. | |||||||||||||||||
| |||||||||||||||||