[croes]

Yet. It’s not hard to imagine a case where it is a bad idea to give the browser access to the whole content of a directory.

There is a reason why it’s Chromium browsers only, don’t you think?

[streptomycin]

So what should I do if I want to make an app with this functionality? Do I have to tell users to download and run some executable? You can imagine a case where that is a bit riskier than a nicely sandboxed web app with permission to access one directory.

[danaris]

> Do I have to tell users to download and run some executable?

Well, yes.

The alternative is to give any malicious ad the ability to drive-by-download malware onto your machine.

[rcxdude]

Just because a problem is not hard to imagine it doesn't mean that the problem is actually a problem in practice. It is worth asking if there are any signs of it existing for real.

[croes]

I hear a lot of this "nothing has happened so far" from people who DUI before their first crash and people who use the same password on multiple sites before their first credential stuffing hack