This bug is specifically for implementing a per-origin sandboxed filesystem API. Most likely we'll need to implement this on top of a database rather than on top of the real OS filesystem. The reason for this is both that filesystems differ a whole lot the names that they allow for files and directories, and that it's somewhat scary to allow websites to write executable files with executable extensions directly to the users file system. Google did the same thing in the filesystem API they expose to web pages. There's an early spec here: http://w3c.github.io/filesystem-api/Overview.html#extensionNav The API has received a fair amount of feedback, but obviously the spec more work to be more descriptive.