> Do you think this can be remedied by moving the code out of the web container?

That's what I did in my own design. My protocol's purpose is different from Cryptocat's, but the problem that in-browser JavaScript is untrustworthy is the same.
I designed my protocol so that it needn't be embedded in the browser at all -- or for that matter, piggybacked on HTTP.