Google and Mozilla development APIs make it easy for web apps to edit local files

A team led by Google and Mozilla is developing an API that makes it easy to edit files using a browser-based web application, which allows users to download new files without having to edit the files each time. But the development team believes this feature can cause abuse and security issues, so it wants advice on how to guard against significant security and privacy risks.

cryptographic software library Tink

The development team believes that such a feature is necessary today, users only need to save on the web application, without having to re-download each time after editing the local file.

Google developer evangelist Pete LePage said: “Today, if a user wants to edit a local file in a web app, the web app needs to ask the user to open the file. Then, after editing the file, the only way to save changes is by downloading the file to the Downloads folder, or having to replace the original file by navigating the directory structure to find the original folder and file. This user experience leaves a lot to be desired, and makes it hard to build web apps that access user files.”

To this end, the W3C Web Incubation Community (WICG), chaired by Chrome developers and Firefox developer representatives, is working on the development of the new Writable Files API, which allows web applications running in a browser to open files, edit, and save your changes to the same file.

However, the organization said the biggest challenge would be to prevent malicious websites from abusing persistent access to files on the user’s system. “By far the hardest part for this API is, of course, going to be the security model to use,” WICG’s API interpreter page warned: “The API provides a lot of scary power to websites that could be abused in many terrible ways.”