The proper fix here IMO is to not let the user grant write or read access to an entire directory, only the files the page needs. Ideally, the only way a page could get write access to a directory is if the page owns the directory (i.e. the browser creates it for them and the user copies files into it).