Modern web browsers are increasingly becoming like virtual computers, able to send email and play music and videos. The downside is it’s a new way for hackers to get into your computer.
The proper fix here IMO is to not let the user grant write or read access to an entire directory, only the files the page needs. Ideally, the only way a page could get write access to a directory is if the page owns the directory (i.e. the browser creates it for them and the user copies files into it).
Looks like it’s just:
The proper fix here IMO is to not let the user grant write or read access to an entire directory, only the files the page needs. Ideally, the only way a page could get write access to a directory is if the page owns the directory (i.e. the browser creates it for them and the user copies files into it).