Add execute() to FileSystemDirectoryHandle

[guest271314]

This proposal is simple. Native File System can be granted permission to read and write to a local (or "sandboxed") directory and file.

Add execute() or executeScript() method to FileSystemDirectoryHandle.

The basic algorithm

Context: Window, WorkerGlobalScope, WorkletGlobalScope

1. let outputFileName = "file.ext", scriptName = "doStuff"
2. let nativeScripts = await self.requestNativeScripts(<Map> [[<${scriptName}>, "/path/to/local/directory/sciptName"]])
3. let writeScript = await nativeScripts.get(<${scriptName}>).write("#!/bin/bash ... doStuff(<${outputFileName}>)")
4. await writeScript.execute() // when outputFileName is written resolve Promise
5. let dir = await self.chooseFileSystemEntries({type: "openDirectory"})
6. let result = await dir.getFile(<${outputFileName}>) // get output of executed native application

The functionality is essentially possible now using inotifywait or similar directory and file change observation script or program. This proposed change to the specification incorporates that functionality into Native File System with the capability to set execute permission at a local file and execute that script file.

WICG proposal [Proposal] requestNativeScripts() - Write, reference, execute native (shell) scripts in main thread, Worker, Worklet scope.

[pwnall]

Thank you for bringing this up!

I think that executing code on the local file system belongs in a different specification, and should be an explicit non-goal of the native FS specification.

[guest271314]

@pwnall Thank you for your input. Technically native FS specification is already executing code on the local file system by reading and writing files on the local file system. The same underlying principal, specification details and implementation is involved with directly executing a file. +x is merely an additional permission flag. The reference to the file to be executed can remain in the current context meaning there would technically be no means for any other context to reference and execute the file, in lieu of not using the as yet undefined term "sandboxed".

[guest271314]

To be absolutely clear the addition of execute() would only provide a means to execute scripts 1) on the users' machine 2) in a directory where execute permission is explicitly set 3) possible to be executable only for a given time span 4) executable only in the current working directory; the user needs to manually or programmatically place the files to be executed in the folder (i.e.,./doStuff required for execution) where permission is requested (only possible by direct user action). Further restrictions can be imposed if necessary.

[mkruisselbrink]

Agreed that this is out of scope for this spec.