Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Google and Mozilla are working on an API to let web apps edit local files

steven36

By steven36
in Software News

Recommended Posts

steven36

steven36

Posted
Posted

But there's a lot of security issues to think about first

googledocssharingsettingsscreen-580x358.

 

Combining online and offline could lead to security settings not listed here

 

A CONSORTIUM of developers is looking for a way that will allow users to edit locally saved files in web apps.

 

The grou, led by teams from Google Chrome and Mozilla Firefox, has a few hurdles to overcome before we can even think about this sort of thing as "normal", because exposing offline files to the internet is fraught with danger.

 

At the moment, users need to upload files, edit them and download them again to minimise the risk of dodgy payloads getting a free pass to your hardware.

 

It's one of the reasons that Microsoft still offers native versions of the Office suite, not just the Office 365 versions.

 

 

Pete LePage, a developer advocate for Google explains the problem of creating a Writable Files API: "Today, if a user wants to edit a local file in a web app, the web app needs to ask the user to open the file. Then, after editing the file, the only way to save changes is by downloading the file to the Downloads folder, or having to replace the original file by navigating the directory structure to find the original folder and file.

 

"This user experience leaves a lot to be desired, and makes it hard to build web apps that access user files."

 

But, he adds that the potential for abusing such a feature is huge, and could even lead to websites with access to your private documents:

 

"The Writable Files API must be designed in such a way as to limit how much damage a website can do, and make sure that the user understands what they're giving the site access to."

 

The W3C Web Incubator Community Group (WICG) is the team working towards finding a safe implementation, and are currently looking at options for security.

 

As well as hidden code, there's also the risk of so-called "super-cookies" which could give the website permanent access to the locally held file.

 

WICG is currently canvassing feedback as it works on the API, and hopes that the hive mind will come up with the right security protocols and permissions, and if there should be any limitations on the types of files that can be made writable.

 

Source

 

Link to comment
Share on other sites
  • Views 475
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...