The page lesspass.com is meant to be a single-page web app with the extremely important function of directly accepting people's master passwords.
This is going to sound stupid to some people, but I'll propose it.
In the interest of making this page more secure, I recommend that all resources on this page be inlined. As in one HTML file including all style, images (SVG), and everything needed to display it. Possibly one exception is lesspass.js.
This makes it easier to confirm that there are no tricks, no phoning home, no other network requests.
Can be implemented here https://github.com/lesspass/lesspass/tree/master/packages/lesspass-site
see #369 for background
Yes this is a really good idea.
The only difficulty is in the tooling.
@edouard-lopez it's not PWA, it's more inlining everything in one HTML file. If we can remove the minification at the same time, it will be very easy for anybody to do an audit. Just download the HTML and check the hash. See the changes between different versions.
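The audit described in the thread (hash the downloaded HTML, confirm nothing is loaded from elsewhere) could look like the following; this is an added example, not code from the thread or from the LessPass project. It only covers static references in markup and CSS, so requests made by inlined script code still have to be found by reading it. The names `audit` and `ResourceAuditor` and the sample pages are assumptions made for illustration.

```python
import hashlib
import re
from html.parser import HTMLParser
# Tag -> attributes that make the browser fetch something at page load.
LOADING_ATTRS = {
    "script": ("src",), "link": ("href",), "img": ("src", "srcset"),
    "iframe": ("src",), "source": ("src", "srcset"), "embed": ("src",),
    "video": ("src", "poster"), "audio": ("src",), "object": ("data",),
    "use": ("href", "xlink:href"),
}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)|@import\s+['\"]([^'\"]+)", re.I)
def is_inline(ref):
    # data: URIs and same-document fragments need no network request.
    return ref.strip().lower().startswith(("#", "data:"))

class ResourceAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.external, self._in_style = [], False
    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if value and name in LOADING_ATTRS.get(tag, ()) and not is_inline(value):
                self.external.append((tag, value))
            if value and name == "style":  # inline style="..." attribute
                self._scan_css(tag + "[style]", value)
    def handle_endtag(self, tag):
        self._in_style = False
    def handle_data(self, data):
        if self._in_style:  # text inside a <style> element
            self._scan_css("style", data)
    def _scan_css(self, where, css):
        for m in CSS_URL.finditer(css):
            ref = m.group(1) or m.group(2)
            if not is_inline(ref):
                self.external.append((where, ref))

def audit(html_bytes):
    """Return (sha256 hex digest of the exact bytes, list of external references)."""
    auditor = ResourceAuditor()
    auditor.feed(html_bytes.decode("utf-8"))
    auditor.close()
    return hashlib.sha256(html_bytes).hexdigest(), auditor.external

# Constructed sample pages (not LessPass's real HTML).
INLINED = (b'<!doctype html><style>body{background:url(data:image/svg+xml;base64,AAAA)}'
           b'</style><svg><use href="#logo"/></svg><script>/* app code */</script>')
LEAKY = INLINED + (b'<script src="https://cdn.example/x.js"></script>'
                   b'<div style="background:url(/img/bg.png)"></div>')
```

The digest is computed over the bytes exactly as downloaded, so it can be compared with a published value; an empty reference list means the markup and CSS pull in nothing beyond the file itself.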