Please see Persist file references (while not being exactly the same, it’s close and at least related, if not, when implemented, even the same).
A small comment regarding
The thing is that right now, plugins can get installed with one click without any chance to rate them or anything. Therefore, if a plugin has malicious intents, there is no chance to “call it out”, so to speak, and I am glad plugins therefore don’t have “unrestricted” access to the file system. As soon as a permission system arrives, this changes (as the user will have to explicitly allow a plugin to gain “arbitrary file access”), but the way it is right now, just because it isn’t a website doesn’t “remove” security concerns.
While not about the same thing, see the discussions regarding security here:
- System Call Access for UXP, especially Kerri’s comment
- Is this correct to use image fill (this also, further down, discusses persistent file references
)