Read, and write files and directories in local filesystem from the browser with workerd and fetch()
Posted by guest271314@reddit | programming | View on Reddit | 11 comments
OneForAllOfHumanity@reddit
In what world is this a good idea?
guest271314@reddit (OP)
Not sure what you mean?
Kindly explain your the basis of your concern.
OneForAllOfHumanity@reddit
Why would anyone want to go to a site that can read and write to your local file system. They screams security vulnerabilities. And if you have to do sketchy stuff to the browser to make it work, it's going to have very limited applicability, so why go through the effort to do it...
guest271314@reddit (OP)
That's not what is going on.
guest271314@reddit (OP)
Close the browser, turn off all of the myriad of electronic devices you have going, go to the loca library and read a book.
Do not fire up that iPhone, IPad, or Android device that has so many established external network connections ongoing out of the box that you can't even say how many applications have access to your software and hardware in 5 seconds.
Big_Combination9890@reddit
It sure is. Which is ehy we work really hard to avoid giving WebBrowsers access to things they shouldn't have access to...like local file systems.
guest271314@reddit (OP)
You must clutch your pearls constantly while surfing the Interwebs.
You mean like cookies,
localStorage,navigator.storage.getDirectory()?Clearly you don't understand what is going on.
You install an unpacked extension on your own machine, and use the well-establish Native Messaging protocol to start a local server, in this case Cloudflare's Workerd, that reads and write directly to, and only to, the directory you set.
Tell me, exactly how many network connections are established, right now, on the device you are reading Reddit on?
There's already Web NFC, Web Bluetooth, Web Share, WebRTC, WICG File System Access, WHATWG File System that are already standardized; and then there's WebTorrent, IPFS, among other technologies, some legacy, such as an HTML
<form>,<a download>, Blob URL withwindow.open(), et al.No idea where you get the "sketchy stuff" from?
This is the Native Messaging protocol, implemented by Google's Chromium browser - which means Chrome, Brave, Opera, Microsoft Edge, too; Apple's Safari, Mozilla's Firefox.
I'm being nice in the code. Child's play. This is work outside of standards to do whatever I or anybody else wants re creating a FIFO or pipe to and from the browser fs.
It's for people who hack the browser. Or just hack in general.
Only one of many I've written in this domain.
OneForAllOfHumanity@reddit
From cloudflare/workerd GitHub repo:
guest271314@reddit (OP)
So what?
I generally break out of alleged browser and other "sandboxes", anyway.
You really have no clue what is going on here.
Chromium browser with "" set in "host_permissions" of an extension allows fetch() for file: protocol out of the box, without using Native Messaging.
We can write files and directories to the local file system with WICG File System Access, and if we want we can get the "sandboxed" directories and files written to
localStorageand withnavigator.storage.getDirectory()that reside in the browser configurtation folder - in the browser, too.Further, any programming language can be used. I just happen to be using Cloudflares
workerd. I've done the same thing using QuickJS (JavaScript engine/runtime), PHP, et al.Big_Combination9890@reddit
It sure does. Which is why I don't use Chrome, and even if I did, I would not install such an extension.
guest271314@reddit (OP)
So what?
I generall break out of alleged browser and other "sandboxes", anyway.