lesspass.com as a single page #589
Labels
Comments
|
see #369 for background |
|
Yes this is a really good idea. |
|
@edouard-lopez it's not PWA, it's more inlining everything in one html file. If we can remove the minification at the same time, it's will be very easy for anybody to do an audit. Just download the HTML and check the hash. See between different versions, the changes. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The page lesspass.com is meant to be a single-page web app with the extremely important function of directly accepting people's master passwords.
This is going to sound stupid to some people, but I'll propose it.
In the interest making this page more secure, I recommend that all resources on this page be inlined. As in one HTML file including all style, images (SVG), and everything needed to display it. Possibly one exception is lesspass.js.
This makes it easier to confirm that there are no tricks, no phoning home, no other network requests.
Can be implemented here https://github.com/lesspass/lesspass/tree/master/packages/lesspass-site
The text was updated successfully, but these errors were encountered: