[kevin_nisbet]

While this may work for unsophisticated attacks, wouldn't it still be possible for a more sophisticated adversary to do something more like store the document in browser local storage, and then later with internet access to post the contents?

I haven't spent a huge amount of time in the browser security space, but I do think there is quite alot of surface area if you give the browser session sensitive data.

[paulgb]

If you are using an incognito tab, anything in local storage, cookies, even caches should go away. I am not 100% up on the details but I believe modern browsers are pretty strict about isolating incognito state.

You're right though in general, that's why the incognito tab is important.

[jonny_eh]

This is correct, but you need to close ALL incognito tabs for storage to get wiped, not just the tab you loaded the site in.

[YPPH]

I mean, I considered this implied within the suggestion of using incognito mode.

In any event, it's an unrealistic attack vector. No bad actor is going to target 0.1% of edge cases when you could get enough damaging information from people who do not go through this process and remain connected to the internet.

[jonny_eh]

Just making it clear for anyone that doesn't know. It's caught me off guard before.

[lxgr]

That depends on the browser, I believe.