WICG / storage-foundation-api-explainer

Explainer showcasing a new web storage API, NativeIO
Apache License 2.0

securely persist origin-bound files in directory ~/Downloads/<origin>/ #2

Open kaizhu256 opened 4 years ago

kaizhu256 commented 4 years ago

modern browsers have write-access to ~/Downloads/ directory (or similar).

is it safe and secure to give nativeio origin-bound read-access to subdirectories in ~/Downloads? e.g.:

website kaizhu256.github.io can persist/read sql.js db only from
~/Downloads/io.github.kaizhu256/

website fivedots.github.io can persist/read sql.js db only from
~/Downloads/io.github.fivedots/
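
The directory naming proposed in the issue above, together with the confinement check such a scheme depends on, as an added example that is not part of the original issue or the NativeIO explainer. The function names, the `DOWNLOADS_ROOT` value and the https-only rule are assumptions made for illustration.

```javascript
// Added example: names and layout are assumptions, not NativeIO's API.
const DOWNLOADS_ROOT = "/home/user/Downloads"; // constructed sample path

// Map an origin to the reverse-DNS directory name shown in the issue,
// e.g. https://kaizhu256.github.io -> io.github.kaizhu256
function originToDirName(origin) {
  const url = new URL(origin);
  // Assumption: https only. The name is built from the hostname alone, so
  // http:// and https:// (or two ports) on one host would share a directory.
  if (url.protocol !== "https:") throw new Error("only https origins accepted");
  const labels = url.hostname.toLowerCase().split(".");
  // Rejects empty labels (trailing dot), IP literals in brackets, and
  // anything that could act as a path separator.
  if (labels.some((label) => !/^[a-z0-9-]+$/.test(label))) {
    throw new Error("unexpected hostname label");
  }
  return labels.reverse().join(".");
}

// Resolve a file name requested by a page inside its own origin directory,
// refusing any name that would land outside it.
function resolveForOrigin(origin, requested) {
  const base = `${DOWNLOADS_ROOT}/${originToDirName(origin)}`;
  if (requested.includes("\0") || requested.includes("\\")) {
    throw new Error("illegal character in file name");
  }
  if (requested.startsWith("/")) throw new Error("absolute path rejected");
  const segments = [];
  for (const seg of requested.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") throw new Error("parent traversal rejected");
    segments.push(seg);
  }
  if (segments.length === 0) throw new Error("empty file name");
  // Lexical check only: it does not detect symlinks already present in the
  // directory, which would need a real-path comparison when the file is opened.
  return `${base}/${segments.join("/")}`;
}

// Convenience wrapper: true when the request stays inside the origin's directory.
function isAllowed(origin, requested) {
  try {
    resolveForOrigin(origin, requested);
    return true;
  } catch {
    return false;
  }
}
```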