[jaffathecake]

> So websites can now nag users to allow access to the root of their local disk

No, Chrome doesn't allow this.

Here's a simple demo: https://output.jsbin.com/kekekac/quiet - note that you can't select root, Downloads etc.

[croes]

In this example

https://web.dev/patterns/files/open-a-directory

I can select Downloads

[codedokode]

I could select /boot and ~/.cache. Genius. Given how smart are many Internet users this will definitely not cause any misuse.

[move-on-by]

Ah yes, totally secure. I’m sure there will be no unforeseen problems or bypasses.

[streptomycin]

It's been in Chrome for 6 years and I'm not aware of any problems it's caused.

[croes]

Yet. It’s not hard to imagine a case where it is a bad idea to give the browser access to the whole content of a directory.

There is a reason why it’s Chromium browsers only, don’t you think?

[streptomycin]

So what should I do if I want to make an app with this functionality? Do I have to tell users to download and run some executable? You can imagine a case where that is a bit riskier than a nicely sandboxed web app with permission to access one directory.

[rcxdude]

Just because a problem is not hard to imagine it doesn't mean that the problem is actually a problem in practice. It is worth asking if there are any signs of it existing for real.

[croes]

I hear a lot of this "nothing has happened so far" from people who DUI before their first crash and people who use the same password on multiple sites before their first credential stuffing hack