摘要 |
One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application. |
主权项 |
1. A method comprising:
accessing, by a computing system, a platform-independent web application; allocating a filesystem storage space on one or more nonvolatile storage devices for use by the web application on the computing system; creating, for the web application, a private filesystem comprising a private root directory within the filesystem storage space, wherein the web application is restricted from accessing a host filesystem associated with the computing system; invoking, at a first time, the web application for execution by the computing system, including providing the web application with access to use the private filesystem; invoking, at a later, second time, the web application for execution by the computing system, including providing the web application with access to use the private filesystem; maintaining, by the computing system, the private filesystem between invoking the web application at the first time and invoking the web application at the later, second time; and providing a script-based interface on the computing system for use by the web application and through which the web application accesses the private filesystem. |