Y
Hacker News
new
|
ask
|
show
|
jobs
by
brownbat
5169 days ago
Hmm, oh, I think the stuff after the hash is the decryption key, and we're assuming the server throws it away.
We still require a trusted third party here.
1 comments
StavrosK
5168 days ago
The HTML anchor never reaches the server in the request, it's for local use only. Of course, malicious JS on the page can always send it anywhere.
link