Explore Send, the 2.5GB secure file-sharing tool built from Firefox Send. Learn how Send offers privacy-focused file sharing with expiration settings, download limits, and self-hosting options.
In theory, yes. But if you follow the link and that leads to downloading the JS and running it, you’re already too late inspecting it.
And even if you review it once (and it wasn’t too large or obfuscated via minification), the next time you load a page, the JS can be different. I guess there could be a web browser extension for pinning the code?
The only practial alternative I know of is to have a local client you can review once (and after updates).
So the trick is to use the
#fragment
part of the URL, that is not sent to the server.Of course the JS one downloads from the server could easily upload it to it, so you still need to trust the JS.
But the JS code could be checked on the webpage, correct? If so, the page could be trysted (if vetted).
In theory, yes. But if you follow the link and that leads to downloading the JS and running it, you’re already too late inspecting it.
And even if you review it once (and it wasn’t too large or obfuscated via minification), the next time you load a page, the JS can be different. I guess there could be a web browser extension for pinning the code?
The only practial alternative I know of is to have a local client you can review once (and after updates).