FileSystemHandle.remove() for the File System Access API

[a-sully]

Wotcher TAG!

I'm requesting a TAG review of FileSystemHandle::remove() for the File System Access API.

Currently, it is not possible to remove a file or directory given its handle. You must obtain the handle of the parent directory, which there is no straightforward way to do and may not be possible in some cases, and call FileSystemDirectoryHandle::removeEntry().

Introducing a new method, FileSystemHandle::remove() (which follows the pattern of https://dom.spec.whatwg.org/#dom-childnode-remove), enables the common use case where you obtain a file handle from showSaveFilePicker(), but then decide you don't want to save after all, and delete the file.

• Explainer: https://github.com/whatwg/fs/pull/9
• Tests: FileSystemBaseHandle-remove.js
• Security and Privacy self-review: WICG/file-system-access/security-privacy-questionnaire.md
• GitHub repo: whatwg/fs
• Primary contacts (and their relationship to the specification):
  • Austin Sullivan (@a-sully), Google Chrome
• Organization(s)/project(s) driving the specification:Google/Chromium
• External status/issue trackers for this specification: https://chromestatus.com/feature/6318478849998848

Further details:

• [x] I have reviewed the TAG's Web Platform Design Principles
• The group where the work on this specification is currently being done: whatwg/fs (initial work was started WICG, but the relevant parts to this proposal have been moved to whatwg)
• The group where standardization of this work is intended to be done: whatwg/fs
• Major unresolved issues with or opposition to this specification:
• This work is being funded by: Google

We'd prefer the TAG provide feedback as:

🐛 open issues in our GitHub repo for each point of feedback

[rhiaro]

Thanks for your review request. On the surface, the developer need you have laid out seems reasonable. Could you articulate this in terms of the impact on the end user, in a small standalone explainer please? Also it would be helpful if you can respond to the security & privacy questionnaire in a way specific to this addition to the spec. We would like clarity on cases where the file handle is obtained from an open file (as opposed to from showSaveFilePicker()), as well as mitigations against the risks of recursive directory removal using this method.

[a-sully]

Sure thing. The explainer is at https://github.com/a-sully/fs/pull/1 (with a more readable preview of the markdown here)

[torgo]

@a-sully is there a Mozilla Standards Position on this? The comment you've linked to in the explainer under Gecko seems a little vague and possibly out of date? Also do you have any further info / documentation on developer interest?

[a-sully]

Yeah sorry that explainer was partially copy-pasted from a PR that's been up for a while.

I filed https://github.com/mozilla/standards-positions/issues/716 a couple weeks ago, but there's been no activity yet (I suspect @jesup might be OOO)

[rhiaro]

Hi there. We discussed this in our call a couple of weeks ago. We understand that this has already shipped so there probably isn't any more feedback we can usefully give here. We remain concerned about the multi-stakeholder engagement, and what happens if support for this is inconsistent between UAs. We also don't see an answer in the explainer to the questions I left in December, or information in the explainer about the impact this proposal has from a web user's perspective (rather than a site author).