You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The page lesspass.com is meant to be a single-page web app with the extremely important function of directly accepting people's master passwords.
This is going to sound stupid to some people, but I'll propose it.
In the interest making this page more secure, I recommend that all resources on this page be inlined. As in one HTML file including all style, images (SVG), and everything needed to display it. Possibly one exception is lesspass.js.
This makes it easier to confirm that there are no tricks, no phoning home, no other network requests.
@edouard-lopez it's not PWA, it's more inlining everything in one html file. If we can remove the minification at the same time, it's will be very easy for anybody to do an audit. Just download the HTML and check the hash. See between different versions, the changes.
The page lesspass.com is meant to be a single-page web app with the extremely important function of directly accepting people's master passwords.
This is going to sound stupid to some people, but I'll propose it.
In the interest making this page more secure, I recommend that all resources on this page be inlined. As in one HTML file including all style, images (SVG), and everything needed to display it. Possibly one exception is lesspass.js.
This makes it easier to confirm that there are no tricks, no phoning home, no other network requests.
Can be implemented here https://github.com/lesspass/lesspass/tree/master/packages/lesspass-site
The text was updated successfully, but these errors were encountered: