I work on the Chrome Remote Desktop team. Our use case involves saving files and directories that the user has selected to download from a remote machine, transferred via WebRTC.
For files this means we want to trigger the browser to prompt the user for a save location (or possibly pick a default based on the user’s download settings), and obtain a handle to write to only that file as data is received. Once the handle is closed, we’d have no more access to the file.
For directories, we’d similar want the user to pick a location and name (with a default provided) for a new directory to be created. The website would then have access to that directory until the handle (or page) was closed.
Ideally, if the download was aborted (including by closing the page mid-transfer) the partially written file/directory could be cleaned up automatically. It might also be nice if the browser appended a .part extension or similar while the file/directory is still being written, similar no a normal download.
Since this would not provide any persistent access or access to existing data, it seems like it should be safe for use by standard websites such as ours.