The guarantee of web page never edit file on your disk(only create new ones) does not hold on this api though. I know
it's what makes this api useful. But at the same time, there is big risk that user never expected this and results into giant security issue.
Firefox and safari are generally very conservative about new api that can enable new type of exploits.
At least firefox and safari does implement origin private file system. So, while you can't edit file on user disk directly. You can import the whole project into browser. Finish the edit and export it.
Browsers have had widespread support for processing files via drag-and-drop and the <input> element since HTML5 (< 2015). The last holdout on allowing the filepicker to accept a full directory (and its subdirectories, recursively—rather than 1 or N individual files) was Safari sometime around (before) 2020.
The Chrome team's new, experimental APIs are a separate matter. They provide additional capabilities, but many programs can get along just fine without since they don't don't strictly need them in order to work—if they would ever even have end up using them at all. A bunch of the applications in the original post fall into this category. You don't need new or novel APIs to be able to hash a file, for example. It's a developer education problem (see also: hubris).
Providing a web app with edit access to a local directory is really needed for this to be usable. Without that you're constantly managing downloaded files and manually replacing things. I do think this is a case where the File System Access API shines.
> Providing a web app with edit access to a local directory is really needed for this to be usable.
"This" what? sha256sum doesn't need read-write access for even one file to be able to compute a hash, let alone a whole directory. You're ignoring most of my comment, focusing on like 20%, and in so doing, missing (and/or deliberately misframing) 100% of the point.
We're talking about Simon's boosting of https://aifoc.us/the-browser-is-the-sandbox/ which is a prototype of Claude Cowork in the browser. That's what I'm saying needs read-write access.
Yup. That's the link, all right—the one we all read and that I'm citing examples from. Thanks for the reminder, I guess: it has been a whole 8 hours since I first looked at it.
What "we" are talking about here, in this subthread, is the fact that "Browsers have had widespread support for processing files" for a long, long time, and that although "Chrome team's new, experimental APIs [...] provide additional capabilities" which are undoubtedly useful for certain programs, they're overkill and don't offer anything new and/or strictly necessary for many, many programs that don't actually need that sort of access—including "A bunch of the applications in the original post [that] fall into this category. You don't need new or novel APIs to be able to hash a file, for example."
Which is to say, we're talking about POLP/POLA. And the point of my comment was to address the very worthwhile matter of POLA violations. But you seem insistent on shutting that discussion down with chatter that looks like it's an on-topic reply or refutation to something, but in reality doesn't actually meaningfully engage with what you're purporting to respond to, or at best comes come across as confused and not particularly attentive.
There are already and will continue to be plenty of opportunities to discuss the acknowledged upsides of the new APIs for the class of programs for which they are strictly necessary. There's a lot of them in this very comment section. It doesn't have to come at the expense of changing the subject in the middle of a different conversation—accompanied by undertones that you're putting some matter to rest.
Boy, this has been a really fun and rewarding experience.
> I agree we're talking past each other
You're exactly half right.
Let's make this dead simple: does anyone need any of these new APIs to compute the SHA-2 hash for a file? A simple answer will do. Simple, non-evasive, no "look thither" misdirection.
