• flux@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 hours ago

    So the trick is to use the #fragment part of the URL, that is not sent to the server.

    Of course the JS one downloads from the server could easily upload it to it, so you still need to trust the JS.

    • peregus@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      9 hours ago

      But the JS code could be checked on the webpage, correct? If so, the page could be trysted (if vetted).